diff options
| author | Andrej Mihajlov <and@mullvad.net> | 2018-02-08 18:03:04 +0100 |
|---|---|---|
| committer | Andrej Mihajlov <and@mullvad.net> | 2018-02-13 11:06:15 +0100 |
| commit | 339fe63ad8e0bed7d31b5d872756ef229d280a12 (patch) | |
| tree | 33c1361d77c2bc06ff2ae491326488152a53f31d | |
| parent | 545c0dddaa2a16e1bcdc050be4c5217d3a629ac5 (diff) | |
| download | mullvadvpn-339fe63ad8e0bed7d31b5d872756ef229d280a12.tar.xz mullvadvpn-339fe63ad8e0bed7d31b5d872756ef229d280a12.zip | |
Add RPC address file check for windows
| -rw-r--r-- | app/lib/rpc-file-security.js | 32 | ||||
| -rw-r--r-- | app/main.js | 21 | ||||
| -rw-r--r-- | package.json | 1 |
3 files changed, 42 insertions, 12 deletions
diff --git a/app/lib/rpc-file-security.js b/app/lib/rpc-file-security.js new file mode 100644 index 0000000000..da777d9b78 --- /dev/null +++ b/app/lib/rpc-file-security.js @@ -0,0 +1,32 @@ +// @flow + +import fs from 'fs'; + +export function canTrustRpcAddressFile(path: string): boolean { + const platform = process.platform; + switch(platform) { + case 'win32': + return isOwnedByLocalSystem(path); + case 'darwin': + case 'linux': + return isOwnedAndOnlyWritableByRoot(path); + default: + throw new Error(`Unknown platform: ${platform}`); + } +} + +function isOwnedAndOnlyWritableByRoot(path: string): boolean { + const stat = fs.statSync(path); + const isOwnedByRoot = stat.uid === 0; + const isOnlyWritableByOwner = (stat.mode & parseInt('022', 8)) === 0; + + return isOwnedByRoot && isOnlyWritableByOwner; +} + +function isOwnedByLocalSystem(path: string): boolean { + const winsec = require('windows-security'); + const ownerSid = winsec.getFileOwnerSid(path, null); + const isWellKnownSid = winsec.isWellKnownSid(ownerSid, winsec.WellKnownSid.LocalSystemSid); + + return isWellKnownSid; +}
\ No newline at end of file diff --git a/app/main.js b/app/main.js index 8cda655f47..b685a27bf9 100644 --- a/app/main.js +++ b/app/main.js @@ -10,6 +10,7 @@ import shellescape from 'shell-escape'; import { version } from '../package.json'; import { parseIpcCredentials } from './lib/backend'; import { resolveBin } from './lib/proc'; +import { canTrustRpcAddressFile } from './lib/rpc-file-security'; import { execFile } from 'child_process'; import uuid from 'uuid'; @@ -243,11 +244,15 @@ const appDelegate = { return; } - log.debug('Reading the ipc connection info from', rpcAddressFile); + log.debug(`Reading the ipc connection info from "${rpcAddressFile}"`); - const isSecureEnough = isOwnedAndOnlyWritableByRoot(rpcAddressFile); - if (!isSecureEnough) { - log.error('Not trusting the contents of', rpcAddressFile, 'as it was not owned and only writable by root.'); + try { + if (!canTrustRpcAddressFile(rpcAddressFile)) { + log.error(`Not trusting the contents of "${rpcAddressFile}".`); + return; + } + } catch(e) { + log.error(`Cannot verify the credibility of RPC address file: ${e.message}`); return; } @@ -434,11 +439,3 @@ const appDelegate = { }; appDelegate.setup(); - -function isOwnedAndOnlyWritableByRoot(path) { - const stat = fs.statSync(path); - const isOwnedByRoot = stat.uid === 0; - const isOnlyWritableByOwner = (stat.mode & parseInt('022', 8)) === 0; - - return isOwnedByRoot && isOnlyWritableByOwner; -} diff --git a/package.json b/package.json index 9365d0c5c6..a23201b07c 100644 --- a/package.json +++ b/package.json @@ -37,6 +37,7 @@ }, "optionalDependencies": { "nseventmonitor": "git+https://github.com/pronebird/NSEventMonitor.git#0.0.6", + "windows-security": "git+https://github.com/pronebird/windows-security.git#0.0.1" }, "devDependencies": { "babel-cli": "^6.22.2", |