From 4064563ea326f6f26d2c458009beb9ebdb3ba840 Mon Sep 17 00:00:00 2001
From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?=
Date: Fri, 14 Aug 2020 16:59:18 -0400
Subject: [PATCH] Fix: sessiond: erroneous user check logic in session_access_ok
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit
The current session_access_ok logic disallows the access to a session when: uid != session->uid && gid != session->gid && uid != 0 This means that any user that is part of the same primary group as the session's owner can access the session. The primary group is not necessarily (and most likely) not the `tracing` group. For instance: - the session has uid = 1000, gid = 100 - the current user has uid = 1001, gid = 100 access to the session is granted.
Signed-off-by: Jérémie Galarneau
Change-Id: I2e9208286e5508315dae90cb25d34133ca5edcc0
---
 src/bin/lttng-sessiond/session.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/bin/lttng-sessiond/session.c b/src/bin/lttng-sessiond/session.c
index 95395c282..3358648f6 100644
--- a/src/bin/lttng-sessiond/session.c
+++ b/src/bin/lttng-sessiond/session.c
@@ -1303,7 +1303,13 @@ int session_access_ok(struct ltt_session *session, uid_t uid, gid_t gid)
 {
 assert(session);
 
- if (uid != session->uid && gid != session->gid && uid != 0) {
+ if (uid == 0) {
+ return 1;
+ }
+
+ return uid == session->uid && gid == session->gid;
+
+ if ((uid != session->uid || gid != session->gid) && uid != 0) {
 return 0;
 } else {
 return 1;
--
2.34.1
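Review bot: The last added line, `if ((uid != session->uid || gid != session->gid) && uid != 0) {`, and the `return 0; } else { return 1;` context after it are unreachable, because the unconditional `return uid == session->uid && gid == session->gid;` two lines above always leaves the function. Keeping two spellings of the same authorization predicate in an access-control function invites them to drift apart in a later edit, so the dead `if`/`else` should be dropped and the function should end at that `return`. A short comment above the check would record the intended policy, for example `/* Root may access any session; any other user must match both the session's uid and gid. */`. Whether `gid` is the caller's primary or effective group is not visible in this hunk, so it is worth confirming that the stricter uid-and-gid match cannot lock an owner out of their own session. The closing lines of session_access_ok fall outside the hunk.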