New issue
Advanced search Search tips

Issue 678001 link

Starred by 3 users
Status: Verified
Owner:
ljusten@chromium.org
Closed: Jan 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Chrome
Pri: 1
Type: Bug
V1



Sign in to add a comment

authpolicy: Prevent that untrusted code serializes state

Project Member Reported by ljusten@chromium.org, Jan 3 2017 
Don't let authpolicy-exec write to /var/lib/authpolicyd. In particular, write the keytab to /tmp/authpolicyd/samba first, then move it to /var/lib/authpolicyd and take ownership by authpolicyd.
Project Member

Comment 1 by bugdroid1@chromium.org, Jan 6 2017 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromiumos/platform2/+/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb

commit 84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb
Author: Lutz Justen <ljusten@chromium.org>
Date: Tue Jan 03 17:55:48 2017

authpolicy: Prevent that untrusted code serializes state

Currently, the authpolicy-exec user owns the machine keytab file in
/var/lib/authpolicyd, so that an exploit could modify it and serialize
state. This CL writes the keytab to a temp directory, moves it over to
/var/lib/authpolicyd and takes ownership with some user id trickery,
all inside the authpolicyd process. This limits the attack surface since
untrusted code can only write to it during domain join.

BUG= chromium:678001 
TEST=Compiles, tested with custom test code.

Change-Id: I2ac44703ebc7cbdc7902faaaf74e302f6d21c616
Reviewed-on: https://chromium-review.googlesource.com/424398
Commit-Ready: Lutz Justen <ljusten@chromium.org>
Tested-by: Lutz Justen <ljusten@chromium.org>
Reviewed-by: Roman Sorokin <rsorokin@chromium.org>

[modify] https://crrev.com/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb/authpolicy/process_executor.cc
[modify] https://crrev.com/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb/authpolicy/process_executor.h
[modify] https://crrev.com/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb/authpolicy/constants.h
[modify] https://crrev.com/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb/authpolicy/samba_interface.cc
[modify] https://crrev.com/84e3b5a11cbb63c1feaab3a6563c9e74b3e3e8bb/authpolicy/etc/init/authpolicyd.conf

Comment 2 by ljusten@chromium.org, Jan 6 2017

Status: Fixed (was: Started)

Comment 3 by tnagel@chromium.org, Jan 9 2017

Labels: Enterprise-Triaged

Comment 4 by dchan@google.com, Mar 4 2017

Labels: VerifyIn-58

Comment 5 by dchan@google.com, Apr 17 2017

Labels: VerifyIn-59

Comment 6 by dchan@google.com, May 30 2017

Labels: VerifyIn-60

Comment 7 by kathrelk...@chromium.org, Jul 6 2017

Status: Verified (was: Fixed)
bulk Verify of Chromad V1 bugs

Sign in to add a comment