Put gsr kms socket in HOME (with random characters) to make sure it works in flatpak as well

2023-04-09 16:39:19 +02:00 · 2023-04-09 16:39:19 +02:00 · efea5741ca
commit efea5741ca
parent 7dcf3a68cc
2 changed files with 37 additions and 7 deletions
--- a/kms/client/kms_client.c
+++ b/kms/client/kms_client.c
@ -7,6 +7,7 @@
 #include <signal.h>
 #include <limits.h>
 #include <stdbool.h>
 #include <fcntl.h>
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <sys/wait.h>
@ -16,6 +17,28 @@ static bool is_inside_flatpak(void) {
    return getenv("FLATPAK_ID") != NULL;
 }
 static bool generate_random_characters(char *buffer, int buffer_size, const char *alphabet, size_t alphabet_size) {
    int fd = open("/dev/urandom", O_RDONLY);
    if(fd == -1) {
        perror("/dev/urandom");
        return false;
    }
    if(read(fd, buffer, buffer_size) < buffer_size) {
        fprintf(stderr, "Failed to read %d bytes from /dev/urandom\n", buffer_size);
        close(fd);
        return false;
    }
    for(int i = 0; i < buffer_size; ++i) {
        unsigned char c = *(unsigned char*)&buffer[i];
        buffer[i] = alphabet[c % alphabet_size];
    }
    close(fd);
    return true;
 }
 static int send_msg_to_server(int server_fd, gsr_kms_request *request) {
    struct iovec iov;
    iov.iov_base = request;
@ -72,6 +95,19 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
    struct sockaddr_un local_addr = {0};
    struct sockaddr_un remote_addr = {0};
    // Can't use /tmp because of flatpak
    const char *home_path = getenv("HOME");
    if(!home_path)
        home_path = "/tmp";
    char random_characters[11];
    random_characters[10] = '\0';
    if(!generate_random_characters(random_characters, 10, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", 62)) {
        fprintf(stderr, "gsr error: gsr_kms_client_init: failed to create path to kms socket\n");
        return -1;
    }
    snprintf(self->socket_path, sizeof(self->socket_path), "%s/.gsr-kms-socket-%s", home_path, random_characters);
    // This doesn't work on nixos, but we dont want to use $PATH because we want to make this as safe as possible by running pkexec
    // on a path that only root can modify. If we use "gsr-kms-server" instead then $PATH can be modified in ~/.bashrc for example
    // which will overwrite the path to gsr-kms-server and the user can end up running a malicious program that pretends to be gsr-kms-server.
@ -114,12 +150,6 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
        goto err;
    }
    strcpy(self->socket_path, "/tmp/gsr-kms-socket-XXXXXX");
    if(!tmpnam(self->socket_path)) {
        fprintf(stderr, "gsr error: gsr_kms_client_init: mkstemp failed, error: %s\n", strerror(errno));
        goto err;
    }
    self->socket_fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if(self->socket_fd == -1) {
        fprintf(stderr, "gsr error: gsr_kms_client_init: socket failed, error: %s\n", strerror(errno));
--- a/kms/client/kms_client.h
+++ b/kms/client/kms_client.h
@ -8,7 +8,7 @@ typedef struct {
    pid_t kms_server_pid;
    int socket_fd;
    int client_fd;
-    char socket_path[27];
+    char socket_path[255];
    char *card_path;
 } gsr_kms_client;