[Libreoffice-commits] online.git: common/security.h kit/ForKit.cpp wsd/LOOLWSD.cpp wsd/LOOLWSD.hpp

Jan Holesovsky (via logerrit) logerrit at kemper.freedesktop.org
Fri Apr 24 18:59:01 UTC 2020


 common/security.h |    4 ++--
 kit/ForKit.cpp    |   17 +++++++++++++++--
 wsd/LOOLWSD.cpp   |   10 ++++++++++
 wsd/LOOLWSD.hpp   |    1 +
 4 files changed, 28 insertions(+), 4 deletions(-)

New commits:
commit eb88cb485c9b3a24248f0b8c5eec81f7d3d28d91
Author:     Jan Holesovsky <kendy at collabora.com>
AuthorDate: Thu Apr 23 20:01:04 2020 +0200
Commit:     Jan Holesovsky <kendy at collabora.com>
CommitDate: Fri Apr 24 20:58:43 2020 +0200

    Allow running the production build under a non-lool user when necessary.
    
    But it is insecure, so warn about that.
    
    Change-Id: I151be64f53521e217a5498c0531c9ef2ff8db818
    Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92822
    Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice at gmail.com>
    Reviewed-by: Jan Holesovsky <kendy at collabora.com>

diff --git a/common/security.h b/common/security.h
index f6c0bf258..0fd0a691b 100644
--- a/common/security.h
+++ b/common/security.h
@@ -34,8 +34,8 @@ static int hasCorrectUID(const char *appName)
         return 1;
     else {
         fprintf(stderr, "Error: %s incorrect user-name: %s - aborting\n",
-		appName, pw && pw->pw_name ? pw->pw_name : "<null>");
-	return 0;
+                appName, pw && pw->pw_name ? pw->pw_name : "<null>");
+        return 0;
     }
 #endif
 }
diff --git a/kit/ForKit.cpp b/kit/ForKit.cpp
index 993794bc7..c3c672c68 100644
--- a/kit/ForKit.cpp
+++ b/kit/ForKit.cpp
@@ -398,7 +398,20 @@ static void printArgumentHelp()
 
 int main(int argc, char** argv)
 {
-    if (!hasCorrectUID("loolforkit"))
+    // early check for avoiding the security check for username 'lool'
+    // (deliberately only this, not moving the entire parameter parsing here)
+    bool checkLoolUser = true;
+    for (int i = 0; i < argc; ++i)
+    {
+        char *cmd = argv[i];
+        if (std::strstr(cmd, "--disable-lool-user-checking") == cmd)
+        {
+            std::cerr << "Security: Check for the 'lool' username overridden on the command line." << std::endl;
+            checkLoolUser = false;
+        }
+    }
+
+    if (checkLoolUser && !hasCorrectUID("loolforkit"))
     {
         return EX_SOFTWARE;
     }
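Review bot: The early scan in main() turns the user check off for any argument that merely begins with the switch, because `std::strstr(cmd, "--disable-lool-user-checking") == cmd` is a prefix test rather than an equality test. The same idiom is used for `--noseccomp` further down, but for a switch that disables a security check an exact comparison is the safer choice: `if (std::strcmp(cmd, "--disable-lool-user-checking") == 0)`. The loop can also start at `i = 1`, since argv[0] is the program name and not an option. main() continues outside this hunk, so whether the later option parser also recognises the switch is not visible here.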
@@ -526,7 +539,7 @@ int main(int argc, char** argv)
         // we are running without seccomp protection
         else if (std::strstr(cmd, "--noseccomp") == cmd)
         {
-            LOG_ERR("Security :Running without the ability to filter system calls is ill advised.");
+            LOG_ERR("Security: Running without the ability to filter system calls is ill advised.");
             NoSeccomp = true;
         }
     }
diff --git a/wsd/LOOLWSD.cpp b/wsd/LOOLWSD.cpp
index c34c2c315..7302b3c6c 100644
--- a/wsd/LOOLWSD.cpp
+++ b/wsd/LOOLWSD.cpp
@@ -728,6 +728,7 @@ std::string LOOLWSD::ConfigFile = LOOLWSD_CONFIGDIR "/loolwsd.xml";
 std::string LOOLWSD::ConfigDir = LOOLWSD_CONFIGDIR "/conf.d";
 std::string LOOLWSD::LogLevel = "trace";
 bool LOOLWSD::AnonymizeUserData = false;
+bool LOOLWSD::CheckLoolUser = true;
 #if ENABLE_SSL
 Util::RuntimeConstant<bool> LOOLWSD::SSLEnabled;
 Util::RuntimeConstant<bool> LOOLWSD::SSLTermination;
@@ -1422,6 +1423,10 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
                         .required(false)
                         .repeatable(false));
 
+    optionSet.addOption(Option("disable-lool-user-checking", "", "Don't check whether loolwsd is running under the user 'lool'.  NOTE: This is insecure, use only when you know what you are doing!")
+                        .required(false)
+                        .repeatable(false));
+
     optionSet.addOption(Option("override", "o", "Override any setting by providing full xmlpath=value.")
                         .required(false)
                         .repeatable(true)
@@ -1482,6 +1487,8 @@ void LOOLWSD::handleOption(const std::string& optionName,
         ClientPortNumber = std::stoi(value);
     else if (optionName == "disable-ssl")
         _overrideSettings["ssl.enable"] = "false";
+    else if (optionName == "disable-lool-user-checking")
+        CheckLoolUser = false;
     else if (optionName == "override")
     {
         std::string optName;
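Review bot: Within the hunks shown, `CheckLoolUser` is set here and read only in createForKit(), where it is forwarded to loolforkit, yet the option's help text says it disables the check for loolwsd itself. If loolwsd performs its own user check somewhere outside this diff, that check should be gated on the flag as well. Otherwise the help text should say the option affects loolforkit, e.g. `"Don't check whether loolforkit is running under the user 'lool'. ..."`. handleOption()'s body starts and ends outside the hunk.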
@@ -1740,6 +1747,9 @@ bool LOOLWSD::createForKit()
     if (NoSeccomp)
         args.push_back("--noseccomp");
 
+    if (!CheckLoolUser)
+        args.push_back("--disable-lool-user-checking");
+
 #if ENABLE_DEBUG
     if (SingleKit)
         args.push_back("--singlekit");
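Review bot: The override is forwarded to loolforkit here without leaving any entry in the wsd log. The only warning is the `std::cerr` line in ForKit.cpp, which presumably runs before logging is initialised and so reaches stderr only. For an option the commit itself calls insecure, an operator reading the logs should be able to see that it is active. Consider adding `LOG_ERR("Security: Check for the 'lool' username is disabled (--disable-lool-user-checking).");` inside the `if (!CheckLoolUser)` branch, assuming LOG_ERR is available in this file as it is in ForKit.cpp. createForKit()'s body continues outside the hunk.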
diff --git a/wsd/LOOLWSD.hpp b/wsd/LOOLWSD.hpp
index 313cd3ca6..bdac020fa 100644
--- a/wsd/LOOLWSD.hpp
+++ b/wsd/LOOLWSD.hpp
@@ -246,6 +246,7 @@ public:
     static std::string HostIdentifier; ///< A unique random hash that identifies this server
     static std::string LogLevel;
     static bool AnonymizeUserData;
+    static bool CheckLoolUser;
     static std::atomic<unsigned> NumConnections;
     static std::unique_ptr<TraceFileWriter> TraceDumper;
 #if !MOBILEAPP

