From ab8c4db85b338f90af8212664460f641ec4ad1ca Mon Sep 17 00:00:00 2001 From: Oliver Jowett Date: Thu, 19 Feb 2015 22:41:39 +0000 Subject: [PATCH] Fix edge cases when specifying the user to run as. * check the username fits the format expected by adduser; * don't allow root; * if the user exists, don't try to create it; usually, this is harmless, but it fails if the user exists with a UID outside the normal range for system users. Fixes #24. --- debian/changelog | 10 ++++++++++ debian/dump1090-mutability.config | 15 +++++++++++++-- debian/dump1090-mutability.init | 6 +++--- debian/dump1090-mutability.postinst | 5 ++++- debian/dump1090-mutability.templates | 4 ++++ 5 files changed, 34 insertions(+), 6 deletions(-) diff --git a/debian/changelog b/debian/changelog index 3784aaa..5a61338 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +dump1090-mutability (1.15) UNRELEASED; urgency=medium + + * In development. + * Validate that the username given to debconf is syntactically OK and + isn't root. (github issue #24) + * Don't fail on postinst if the given user exists but is outside + the usual system user UID range. (github issue #24) + + -- Oliver Jowett Thu, 19 Feb 2015 22:39:19 +0000 + dump1090-mutability (1.14) unstable; urgency=medium * Position reporting: diff --git a/debian/dump1090-mutability.config b/debian/dump1090-mutability.config index 8901f89..b7bd76e 100644 --- a/debian/dump1090-mutability.config +++ b/debian/dump1090-mutability.config @@ -69,7 +69,7 @@ db_input_verify() { while : do db_get $KEY - if $VERIFY $RET; then return 0; fi + if $VERIFY "$RET"; then return 0; fi if [ $RESULT -ne 0 ]; then # db_input failed, and the existing value does not validate if [ $RESULT = 30 ] && [ $ASKED = 0 ] @@ -161,6 +161,17 @@ is_not_empty() { if [ -z "$1" ]; then return 1; else return 0; fi } +# "adduser: To avoid problems, the username should consist only of +# letters, digits, underscores, full stops, at signs and dashes, and not start with +# a dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba +# machine accounts $ is also supported at the end of the username" +is_non_root_user() { + if [ -z "$1" ]; then return 1; + elif [ "$1" = "root" ]; then return 1; + elif echo "$1" | grep -Eq '^[a-zA-Z0-9_.@-]+\$?$'; then return 0; + else return 1; fi +} + is_port_number() { if is_unsigned_int "$1"; then if [ "$1" -eq 0 ]; then return 0; fi @@ -177,7 +188,7 @@ db_input high $NAME/auto-start || true db_go || true; db_get $NAME/auto-start; if [ "$RET" = "true" ]; then # all of these are only relevant if the init script is enabled - db_input_verify low $NAME/run-as-user is_not_empty || true + db_input_verify low $NAME/run-as-user is_non_root_user || true db_input_verify low $NAME/log-file is_not_empty || true db_input medium $NAME/rtlsdr-device || true diff --git a/debian/dump1090-mutability.init b/debian/dump1090-mutability.init index dd57e82..3a81af3 100644 --- a/debian/dump1090-mutability.init +++ b/debian/dump1090-mutability.init @@ -119,7 +119,7 @@ do_start() return 2 fi - start-stop-daemon --start --quiet --pidfile $PIDFILE --user $DUMP1090_USER --exec $DAEMON --test > /dev/null \ + start-stop-daemon --start --quiet --pidfile $PIDFILE --user "$DUMP1090_USER" --exec $DAEMON --test > /dev/null \ || return 1 # create JSON_DIR with the appropriate permissions @@ -130,7 +130,7 @@ do_start() fi fi - start-stop-daemon --start $NICELEVEL --quiet --pidfile $PIDFILE --user $DUMP1090_USER --chuid $DUMP1090_USER --make-pidfile --background --no-close --exec $DAEMON -- \ + start-stop-daemon --start $NICELEVEL --quiet --pidfile $PIDFILE --user "$DUMP1090_USER" --chuid "$DUMP1090_USER" --make-pidfile --background --no-close --exec $DAEMON -- \ $ARGS >>$LOGFILE 2>&1 \ || return 2 sleep 1 @@ -146,7 +146,7 @@ do_stop() # 1 if daemon was already stopped # 2 if daemon could not be stopped # other if a failure occurred - start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user $DUMP1090_USER --exec $DAEMON + start-stop-daemon --stop --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user "$DUMP1090_USER" --exec $DAEMON RETVAL="$?" [ "$RETVAL" = 2 ] && return 2 sleep 1 diff --git a/debian/dump1090-mutability.postinst b/debian/dump1090-mutability.postinst index d33d600..2b48170 100644 --- a/debian/dump1090-mutability.postinst +++ b/debian/dump1090-mutability.postinst @@ -97,7 +97,10 @@ case "$1" in db_get $NAME/auto-start if [ "$RET" = "true" ]; then db_get $NAME/run-as-user - adduser --system --home /usr/share/$NAME --no-create-home --quiet "$RET" + if ! getent passwd "$RET" >/dev/null + then + adduser --system --home /usr/share/$NAME --no-create-home --quiet "$RET" + fi fi # -10 changed the lighttpd config file, but didn't arrange to restart it. diff --git a/debian/dump1090-mutability.templates b/debian/dump1090-mutability.templates index 5152930..0302d70 100644 --- a/debian/dump1090-mutability.templates +++ b/debian/dump1090-mutability.templates @@ -332,3 +332,7 @@ Type: error Template: dump1090-mutability/invalid-is_valid_gain Description: Value must be a numeric gain value, or "max", or "agc". Type: error + +Template: dump1090-mutability/invalid-is_non_root_user +Description: Value must be a username (without spaces) that isn't root. +Type: error