From 121d6bb265e991a237e9d07cfd84eed5a3ce3d57 Mon Sep 17 00:00:00 2001 From: Samuel Mendoza-Jonas Date: Tue, 19 Jun 2018 16:52:27 +1000 Subject: discover/device-handler: Prevent normal users changing boot target Signed-off-by: Samuel Mendoza-Jonas --- discover/device-handler.c | 14 +++++++++++++- discover/device-handler.h | 2 +- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/discover/device-handler.c b/discover/device-handler.c index 729ed2c..e446cab 100644 --- a/discover/device-handler.c +++ b/discover/device-handler.c @@ -81,6 +81,7 @@ struct device_handler { struct autoboot_option *temp_autoboot; struct discover_boot_option *default_boot_option; + struct discover_boot_option *last_boot_option; int default_boot_option_priority; struct list unresolved_boot_options; @@ -756,6 +757,8 @@ static int default_timeout(void *arg) opt = handler->default_boot_option; + handler->last_boot_option = opt; + if (handler->sec_to_boot) { countdown_status(handler, opt, handler->sec_to_boot); handler->sec_to_boot--; @@ -1453,13 +1456,22 @@ static struct discover_boot_option *find_boot_option_by_id( } void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd) + bool change_default, struct boot_command *cmd) { struct discover_boot_option *opt = NULL; if (cmd->option_id && strlen(cmd->option_id)) opt = find_boot_option_by_id(handler, cmd->option_id); + /* Don't allow a normal client to change the default */ + if (!change_default && handler->last_boot_option && + opt != handler->last_boot_option) { + pb_log("Non-root user tried to change boot option\n"); + device_handler_status_err(handler, + "Must be root to change default boot option\n"); + return; + } + if (handler->pending_boot) boot_cancel(handler->pending_boot); diff --git a/discover/device-handler.h b/discover/device-handler.h index 9696ec0..9619a2d 100644 --- a/discover/device-handler.h +++ b/discover/device-handler.h @@ -161,7 +161,7 @@ struct discover_boot_option *device_handler_find_option_by_name( struct device_handler *handler, const char *device, const char *name); void device_handler_boot(struct device_handler *handler, - struct boot_command *cmd); + bool change_default, struct boot_command *cmd); void device_handler_cancel_default(struct device_handler *handler); void device_handler_update_config(struct device_handler *handler, struct config *config); -- cgit v1.2.1