diff options
| author | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-06-19 16:52:27 +1000 |
|---|---|---|
| committer | Samuel Mendoza-Jonas <sam@mendozajonas.com> | 2018-12-03 14:39:57 +1100 |
| commit | 121d6bb265e991a237e9d07cfd84eed5a3ce3d57 (patch) | |
| tree | 4a672e9012c6154423e4a386601bd2e4cbf0251f | |
| parent | 336f4eb17fb50526ea9fda82262356581e1b9ae0 (diff) | |
| download | talos-petitboot-121d6bb265e991a237e9d07cfd84eed5a3ce3d57.tar.gz talos-petitboot-121d6bb265e991a237e9d07cfd84eed5a3ce3d57.zip | |
discover/device-handler: Prevent normal users changing boot target
Signed-off-by: Samuel Mendoza-Jonas <sam@mendozajonas.com>
| -rw-r--r-- | discover/device-handler.c | 14 | ||||
| -rw-r--r-- | discover/device-handler.h | 2 |
2 files changed, 14 insertions, 2 deletions
diff --git a/discover/device-handler.c b/discover/device-handler.c index 729ed2c..e446cab 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c @@ -81,6 +81,7 @@ struct device_handler { struct autoboot_option *temp_autoboot; struct discover_boot_option *default_boot_option; + struct discover_boot_option *last_boot_option; int default_boot_option_priority; struct list unresolved_boot_options; @@ -756,6 +757,8 @@ static int default_timeout(void *arg) opt = handler->default_boot_option; + handler->last_boot_option = opt; + if (handler->sec_to_boot) { countdown_status(handler, opt, handler->sec_to_boot); handler->sec_to_boot--; @@ -1453,13 +1456,22 @@ static struct discover_boot_option *find_boot_option_by_id( } void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd) + bool change_default, struct boot_command *cmd) { struct discover_boot_option *opt = NULL; if (cmd->option_id && strlen(cmd->option_id)) opt = find_boot_option_by_id(handler, cmd->option_id); + /* Don't allow a normal client to change the default */ + if (!change_default && handler->last_boot_option && + opt != handler->last_boot_option) { + pb_log("Non-root user tried to change boot option\n"); + device_handler_status_err(handler, + "Must be root to change default boot option\n"); + return; + } + if (handler->pending_boot) boot_cancel(handler->pending_boot); diff --git a/discover/device-handler.h b/discover/device-handler.h index 9696ec0..9619a2d 100644 --- a/discover/device-handler.h +++ b/discover/device-handler.h @@ -161,7 +161,7 @@ struct discover_boot_option *device_handler_find_option_by_name( struct device_handler *handler, const char *device, const char *name); void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd); + bool change_default, struct boot_command *cmd); void device_handler_cancel_default(struct device_handler *handler); void device_handler_update_config(struct device_handler *handler, struct config *config); |
