Skip to content

Commit b70f669

Browse files
committed
Remove filesystem checks
This commit removes the filesystem checks for correct permissions on Parsec "assets". The checks can now be removed because the new locations in the filesystem mean that only a privileged user can create the files. Signed-off-by: Ionut Mihalcea <[email protected]>
1 parent dbd449a commit b70f669

File tree

4 files changed

+4
-115
lines changed

4 files changed

+4
-115
lines changed

Cargo.toml

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,5 +24,4 @@ users = "0.10.0"
2424
mockstream = "0.0.3"
2525

2626
[features]
27-
testing = ["parsec-interface/testing", "no-fs-permission-check"]
28-
no-fs-permission-check = []
27+
testing = ["parsec-interface/testing"]

README.md

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -7,18 +7,6 @@
77
This repository contains a Rust client for consuming the API provided by the [Parsec service](https://github.com/parallaxsecond/parsec).
88
The low-level functionality that this library uses for IPC is implemented in the [interface crate](https://github.com/parallaxsecond/parsec-interface-rs).
99

10-
## Filesystem permission check
11-
12-
To make sure that the client is communicating with a trusted Parsec service, some permission checks
13-
are done on the socket location. Please see the
14-
[Recommendations for Secure Deployment](https://parallaxsecond.github.io/parsec-book/threat_model/secure_deployment.html)
15-
for more information.
16-
This feature is activated by default but, knowing the risks, you can remove it with:
17-
```
18-
cargo build --features no-fs-permission-check
19-
```
20-
It is also desactivated for testing.
21-
2210
## License
2311

2412
The software is provided under Apache-2.0. Contributions to this project are accepted under the same license.

src/core/ipc_handler/unix_socket.rs

Lines changed: 0 additions & 82 deletions
Original file line numberDiff line numberDiff line change
@@ -7,17 +7,6 @@ use std::os::unix::net::UnixStream;
77
use std::path::PathBuf;
88
use std::time::Duration;
99

10-
#[cfg(not(feature = "no-fs-permission-check"))]
11-
use log::error;
12-
#[cfg(not(feature = "no-fs-permission-check"))]
13-
use std::ffi::OsStr;
14-
#[cfg(not(feature = "no-fs-permission-check"))]
15-
use std::fs;
16-
#[cfg(not(feature = "no-fs-permission-check"))]
17-
use std::io::{Error, ErrorKind};
18-
#[cfg(not(feature = "no-fs-permission-check"))]
19-
use std::os::unix::fs::MetadataExt;
20-
2110
const DEFAULT_SOCKET_PATH: &str = "/run/parsec/parsec.sock";
2211
const DEFAULT_TIMEOUT: Duration = Duration::from_secs(1);
2312

@@ -32,9 +21,6 @@ pub struct Handler {
3221

3322
impl Connect for Handler {
3423
fn connect(&self) -> Result<Box<dyn ReadWrite>> {
35-
#[cfg(not(feature = "no-fs-permission-check"))]
36-
self.secure_parsec_socket_folder()?;
37-
3824
let stream = UnixStream::connect(self.path.clone()).map_err(ClientErrorKind::Ipc)?;
3925

4026
stream
@@ -57,74 +43,6 @@ impl Handler {
5743
pub fn new(path: PathBuf, timeout: Option<Duration>) -> Self {
5844
Handler { path, timeout }
5945
}
60-
61-
/// Checks if the socket is inside a folder with correct owners and permissions to make sure it
62-
/// is from the Parsec service.
63-
#[cfg(not(feature = "no-fs-permission-check"))]
64-
fn secure_parsec_socket_folder(&self) -> Result<()> {
65-
let mut socket_dir = self.path.clone();
66-
if !socket_dir.pop() {
67-
return Err(ClientErrorKind::Ipc(Error::new(
68-
ErrorKind::Other,
69-
"Socket permission checks failed",
70-
))
71-
.into());
72-
}
73-
let meta = fs::metadata(socket_dir).map_err(ClientErrorKind::Ipc)?;
74-
75-
match users::get_user_by_uid(meta.uid()) {
76-
Some(user) => {
77-
if user.name() != OsStr::new("parsec") {
78-
error!("The socket directory must be owned by the parsec user.");
79-
return Err(ClientErrorKind::Ipc(Error::new(
80-
ErrorKind::Other,
81-
"Socket permission checks failed",
82-
))
83-
.into());
84-
}
85-
}
86-
None => {
87-
error!("Can not find socket directory user owner.");
88-
return Err(ClientErrorKind::Ipc(Error::new(
89-
ErrorKind::Other,
90-
"Socket permission checks failed",
91-
))
92-
.into());
93-
}
94-
}
95-
96-
match users::get_group_by_gid(meta.gid()) {
97-
Some(group) => {
98-
if group.name() != OsStr::new("parsec-clients") {
99-
error!("The socket directory must be owned by the parsec-clients group.");
100-
return Err(ClientErrorKind::Ipc(Error::new(
101-
ErrorKind::Other,
102-
"Socket permission checks failed",
103-
))
104-
.into());
105-
}
106-
}
107-
None => {
108-
error!("Can not find socket directory group owner.");
109-
return Err(ClientErrorKind::Ipc(Error::new(
110-
ErrorKind::Other,
111-
"Socket permission checks failed",
112-
))
113-
.into());
114-
}
115-
}
116-
117-
if (meta.mode() & 0o777) != 0o750 {
118-
error!("The permission bits of the folder containing the Parsec socket must be 750.");
119-
return Err(ClientErrorKind::Ipc(Error::new(
120-
ErrorKind::Other,
121-
"Socket permission checks failed",
122-
))
123-
.into());
124-
}
125-
126-
Ok(())
127-
}
12846
}
12947

13048
impl Default for Handler {

src/error.rs

Lines changed: 3 additions & 19 deletions
Original file line numberDiff line numberDiff line change
@@ -63,26 +63,10 @@ impl PartialEq for ClientErrorKind {
6363
}
6464
}
6565
ClientErrorKind::InvalidServiceResponseType => {
66-
if let ClientErrorKind::InvalidServiceResponseType = other {
67-
true
68-
} else {
69-
false
70-
}
71-
}
72-
ClientErrorKind::InvalidProvider => {
73-
if let ClientErrorKind::InvalidProvider = other {
74-
true
75-
} else {
76-
false
77-
}
78-
}
79-
ClientErrorKind::NoProvider => {
80-
if let ClientErrorKind::NoProvider = other {
81-
true
82-
} else {
83-
false
84-
}
66+
matches!(other, ClientErrorKind::InvalidServiceResponseType)
8567
}
68+
ClientErrorKind::InvalidProvider => matches!(other, ClientErrorKind::InvalidProvider),
69+
ClientErrorKind::NoProvider => matches!(other, ClientErrorKind::NoProvider),
8670
}
8771
}
8872
}

0 commit comments

Comments
 (0)