From c4c70d96952ad67e95a02537b3720a18387d8ddb Mon Sep 17 00:00:00 2001
From: tylermurphy534
Date: Tue, 8 Nov 2022 20:40:57 -0500
Subject: [PATCH] fix non root tamper persist files
---
 src/main.rs | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 66cff52..cd10277 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,9 +1,10 @@
 use std::fs;
+use std::os::linux::fs::MetadataExt;
 use std::{env, os::unix::prelude::PermissionsExt};
 use std::process::ExitCode;
 use std::time::SystemTime;
 use pwd::Passwd;
-use nix::{unistd};
+use nix::unistd;
 use serde_json::Value;
 extern crate time;
@@ -37,7 +38,7 @@ fn main() -> ExitCode {
 let persist = match allowed(&config, &user.name) {
 Some(data) => data,
 None => {
- eprintln!("Operation Not Permitted. This incidence will be reported.");
+ eprintln!("Operation Not Permitted.");
 return ExitCode::from(ERROR_NOT_AUTHORIZED);
 }
 };
@@ -137,11 +138,28 @@ fn get_terminal_process() -> Option {
 Some(stat.tty_nr)
 }
+fn is_file_root_only(id: &i32) -> bool {
+ let metadata = match std::fs::metadata(path(&id)) {
+ Ok(data) => data,
+ Err(e) => {
+ if let Some(err) = e.raw_os_error() {
+ return err == 2;
+ }
+ return true
+ }
+ };
+ let perms = metadata.permissions();
+ return perms.mode() == 33200 && metadata.st_uid() == 0 && metadata.st_gid() == 0;
+}
+
 fn get_terminal_config() -> Option {
 let id = match get_terminal_process() {
 Some(data) => data,
 None => return None
 };
+ if !is_file_root_only(&id) {
+ return None;
+ }
 let data = match std::fs::read_to_string(path(&id)) {
 Ok(data) => data,
 Err(_) => "{}".to_string()
@@ -158,7 +176,7 @@ fn write_terminal_config(id: &i32, data: &str) -> Result<(), Box
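Review bot: The ownership and mode check added to `get_terminal_config` runs `std::fs::metadata` on the path, and the file is then opened a second time by path in `read_to_string`, so the file that passed `is_file_root_only` is not guaranteed to be the file that gets read. Whether that gap is reachable depends on the permissions of the directory behind `path()`, which this hunk does not show. Open the file once, take the metadata from that handle and read from the same handle, as sketched below; the sketch changes `is_file_root_only` to take the open file, so any caller outside this hunk needs the same change. It also fails closed on errors other than not-found (currently an error with no OS code returns `true`), uses `ErrorKind::NotFound` instead of the literal `2`, and writes the mode as `0o100660` instead of `33200`. `get_terminal_config` continues past the end of the hunk.

```rust
fn is_file_root_only(file: &fs::File) -> bool {
    // Metadata of the open handle describes the file that will actually be read.
    match file.metadata() {
        Ok(metadata) => {
            // 0o100660: regular file, read/write for owner and group only.
            metadata.permissions().mode() == 0o100660
                && metadata.st_uid() == 0
                && metadata.st_gid() == 0
        }
        Err(_) => false,
    }
}

    // … unchanged: get_terminal_config signature and terminal id lookup …
    let data = match fs::File::open(path(&id)) {
        Ok(mut file) => {
            if !is_file_root_only(&file) {
                return None;
            }
            let mut buf = String::new();
            match std::io::Read::read_to_string(&mut file, &mut buf) {
                Ok(_) => buf,
                Err(_) => "{}".to_string(),
            }
        }
        // No persist file yet: same empty config as before.
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => "{}".to_string(),
        Err(_) => return None,
    };
```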