From: Samuel Mendoza-Jonas
To: petitboot@lists.ozlabs.org
Subject: [PATCH v2 08/13] discover/device-handler: Prevent normal users changing boot target
Date: Wed, 28 Nov 2018 15:20:07 +1100
Message-Id: <20181128042012.25916-9-sam@mendozajonas.com>
In-Reply-To: <20181128042012.25916-1-sam@mendozajonas.com>
References: <20181128042012.25916-1-sam@mendozajonas.com>
X-Patchwork-Id: 1004183

Signed-off-by: Samuel Mendoza-Jonas
--- discover/device-handler.c | 14 +++++++++++++- discover/device-handler.h | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/discover/device-handler.c b/discover/device-handler.c index 271b9880..3c7943e1 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c @@ -81,6 +81,7 @@ struct device_handler { struct autoboot_option *temp_autoboot; struct discover_boot_option *default_boot_option; + struct discover_boot_option *last_boot_option; int default_boot_option_priority; struct list unresolved_boot_options; @@ -756,6 +757,8 @@ static int default_timeout(void *arg) opt = handler->default_boot_option; + handler->last_boot_option = opt; + if (handler->sec_to_boot) { countdown_status(handler, opt, handler->sec_to_boot); handler->sec_to_boot--; 
@@ -1453,13 +1456,22 @@ static struct discover_boot_option *find_boot_option_by_id( } void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd) + bool change_default, struct boot_command *cmd) { struct discover_boot_option *opt = NULL; if (cmd->option_id && strlen(cmd->option_id)) opt = find_boot_option_by_id(handler, cmd->option_id); + /* Don't allow a normal client to change the default */ + if (!change_default && handler->last_boot_option && + opt != handler->last_boot_option) { + pb_log("Non-root user tried to change boot option\n"); + device_handler_status_err(handler, + "Must be root to change default boot option\n"); + return; + } + if (handler->pending_boot) boot_cancel(handler->pending_boot); diff --git a/discover/device-handler.h b/discover/device-handler.h index 9696ec06..9619a2df 100644 --- a/discover/device-handler.h +++ b/discover/device-handler.h @@ -161,7 +161,7 @@ struct discover_boot_option *device_handler_find_option_by_name( struct device_handler *handler, const char *device, const char *name); void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd); + bool change_default, struct boot_command *cmd); void device_handler_cancel_default(struct device_handler *handler); void device_handler_update_config(struct device_handler *handler, struct config *config);
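Review bot: In the default_timeout() hunk, `handler->last_boot_option = opt;` keeps a second raw pointer to the default option, and nothing in this patch clears it when that option goes away or the default is cancelled. device_handler_boot() only compares the pointer, so a stale value is not dereferenced there, but it would keep rejecting every request made with change_default == false against an option that no longer exists. Suggest resetting last_boot_option in the same paths that drop or replace default_boot_option, and adding a comment on the new struct field saying what "last" refers to.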
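Review bot: The new check in device_handler_boot() is skipped whenever handler->last_boot_option is NULL, so until default_timeout() has run at least once a caller passing change_default == false can boot any option, including a command with an empty option_id where opt stays NULL. If that is the intended policy, state it in the comment above the check; otherwise drop the `handler->last_boot_option &&` term and reject on `!change_default && (!opt || opt != handler->last_boot_option)`. The log and status strings also say "Non-root" and "Must be root" while this function only sees the change_default flag, so the wording depends on how callers compute it.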
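Review bot: The prototype change in discover/device-handler.h inserts `bool change_default` ahead of cmd, but the diffstat covers only device-handler.c and device-handler.h, so any caller of device_handler_boot() in another file is not updated by this patch and would no longer match the declaration at this commit. Suggest converting the callers in the same patch so the series stays bisectable. Since the function trusts this flag for its access decision, the header should also document how a caller is expected to derive change_default, and the commit message, which currently has no body, would be the place to explain the intended policy.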