[PATCH] libmbim-glib, proxy: add a configure flag to set the UID of MBIM proxy
Ben Chan
benchan at chromium.org
Wed Nov 5 10:16:49 PST 2014
This patch is supposed to be sent to libmbim-devel@
On Wed, Nov 5, 2014 at 10:15 AM, Prathmesh Prabhu Chromium <
pprabhu at chromium.org> wrote:
> Augh! I want a gmail plugin that'll tell me when I try sending to the
> mm-devel list from the wrong email... :(
>
> On Wed, Nov 5, 2014 at 10:11 AM, Prathmesh Prabhu <pprabhu at google.com>
> wrote:
>
>> +aleksander, +dcbw
>>
>> This is in response to
>> http://lists.freedesktop.org/archives/libqmi-devel/2014-October/000956.html
>>
>> On Wed, Nov 5, 2014 at 10:01 AM, Roshan Pius <rpius at chromium.org> wrote:
>>
>>> Currently, the MBIM proxy process assumes that it is run as root UID and
>>> that all incoming client connection UIDs are also root.
>>> However, it's not always preferable to run the MBIM proxy as root for
>>> security reasons. On some platforms, the MBIM proxy could be constrained
>>> to run as a less-privileged user and specially granted the permission to
>>> access the MBIM device. So, adding a compile time flag in libmbim to check
>>> for the specified UID, rather than assume it to be the root UID. If the flag is
>>> not sent, it'll revert to the existing behaviour of checking for
>>> UID=0 (i.e. root).
>>>
>>> ---
>>> configure.ac | 11 +++++++++++
>>> src/libmbim-glib/mbim-proxy.c | 11 ++++++-----
>>> 2 files changed, 17 insertions(+), 5 deletions(-)
>>>
>>> diff --git a/configure.ac b/configure.ac
>>> index 27f82c9..132a0d7 100644
>>> --- a/configure.ac
>>> +++ b/configure.ac
>>> @@ -96,6 +96,17 @@ AC_SUBST(GLIB_MKENUMS)
>>> dnl Documentation
>>> GTK_DOC_CHECK(1.0)
>>>
>>> +# MBIM proxy UID
>>> +AC_ARG_ENABLE(mbim-proxy-uid,
>>> + AS_HELP_STRING([--enable-mbim-proxy-uid=UID], [where mbim
>>> proxy uid is]),
>>> + mbim_proxy_uid=$enableval,
>>> + mbim_proxy_uid="")
>>> +if ! test x"$mbim_proxy_uid" = x""; then
>>> + AC_DEFINE_UNQUOTED(MBIM_PROXY_UID, $mbim_proxy_uid, [Define the MBIM
>>> Proxy UID])
>>> +else
>>> + AC_DEFINE(MBIM_PROXY_UID, 0, [Define the MBIM Proxy UID])
>>> +fi
>>> +
>>> dnl Man page
>>> AC_PATH_PROG(HELP2MAN, help2man, false)
>>> AM_CONDITIONAL(BUILDOPT_MAN, test x$HELP2MAN != xfalse)
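Review bot: The value taken from AC_ARG_ENABLE is passed to AC_DEFINE_UNQUOTED without validation in the `if ! test x"$mbim_proxy_uid" = x""` branch, so a bare `--enable-mbim-proxy-uid` yields `$enableval` of `yes` and `--disable-mbim-proxy-uid` yields `no`, and either string ends up as the definition of MBIM_PROXY_UID. Because this option carries a value rather than toggling a feature, AC_ARG_WITH is the better fit, and configure should stop with AC_MSG_ERROR unless the value is a non-negative integer, so that a typo fails at configure time instead of changing what the proxy's identity checks compare against. The help string "where mbim proxy uid is" should also say that this is the numeric UID the proxy must run as and that connecting clients must have, and that it defaults to 0.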
>>> diff --git a/src/libmbim-glib/mbim-proxy.c
>>> b/src/libmbim-glib/mbim-proxy.c
>>> index 7677cc6..0cdb05b 100644
>>> --- a/src/libmbim-glib/mbim-proxy.c
>>> +++ b/src/libmbim-glib/mbim-proxy.c
>>> @@ -31,6 +31,7 @@
>>> #include <glib/gstdio.h>
>>> #include <gio/gunixsocketaddress.h>
>>>
>>> +#include "config.h"
>>> #include "mbim-device.h"
>>> #include "mbim-utils.h"
>>> #include "mbim-proxy.h"
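Review bot: `#include "config.h"` is added after the glib and gio headers in this include list; the Autoconf convention is to include it first in the file, before any other header, so that whatever it defines is in effect for everything that follows. Moving it to the top also makes it obvious to a reader that the two UID checks further down depend on a build-time definition.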
>>> @@ -1060,8 +1061,8 @@ incoming_cb (GSocketService *service,
>>> return;
>>> }
>>>
>>> - if (uid != 0) {
>>> - g_warning ("Client not allowed: Not enough privileges");
>>> + if (uid != MBIM_PROXY_UID) {
>>> + g_warning ("Client not allowed: Not the expected UID: %u",
>>> MBIM_PROXY_UID);
>>> return;
>>> }
>>>
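Review bot: In incoming_cb, `if (uid != MBIM_PROXY_UID)` is a strict equality test, so once the proxy is built with a non-zero UID, clients running as root are rejected along with everyone else. If that is intended it deserves a comment here and a sentence in the commit message; otherwise the check should accept uid 0 in addition to MBIM_PROXY_UID. The new warning prints only the expected UID, so please log the rejected client's `uid` next to it to make denied connections diagnosable from the log, and cast MBIM_PROXY_UID to an unsigned type since it expands to a plain integer constant passed to `%u`.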
>>> @@ -1214,12 +1215,12 @@ mbim_proxy_new (GError **error)
>>> {
>>> MbimProxy *self;
>>>
>>> - /* Only root can run the mbim-proxy */
>>> - if (getuid () != 0) {
>>> + /* Only the specified UID can run the mbim-proxy */
>>> + if (getuid () != MBIM_PROXY_UID) {
>>> g_set_error (error,
>>> MBIM_CORE_ERROR,
>>> MBIM_CORE_ERROR_FAILED,
>>> - "Not enough privileges");
>>> + "Not started with the expected UID: %u",
>>> MBIM_PROXY_UID);
>>> return NULL;
>>> }
>>>
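Review bot: In mbim_proxy_new, the error "Not started with the expected UID: %u" reports only the compiled-in value and not what getuid () actually returned, which is the piece an operator needs when the proxy refuses to start; include both values in the message. The comment "Only the specified UID can run the mbim-proxy" should also say that the UID is fixed at configure time through MBIM_PROXY_UID, since the binary then has to be rebuilt if the service account's numeric UID differs on the target system. As in incoming_cb, cast MBIM_PROXY_UID to match the `%u` conversion.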
>>> --
>>> 2.1.0.rc2.206.gedb03e5
>>>
>>> _______________________________________________
>>> ModemManager-devel mailing list
>>> ModemManager-devel at lists.freedesktop.org
>>> http://lists.freedesktop.org/mailman/listinfo/modemmanager-devel
>>>
>>
>>
>>
>> --
>> Regards,
>> Prathmesh
>>
>>
>