termux / termux-api

Termux add-on app which exposes device functionality as API to command line programs.
https://f-droid.org/en/packages/com.termux.api/

Check UID of the socket connection #501

Open tareksander opened 2 years ago

tareksander commented 2 years ago

Because the sockets are created in the abstract namespace, anyone could create them or connect to them.
With the recent vulnerabilities in Termux, maybe it would be good to add a UID check and only allow Termux and root to connect, and the same on the termux-api-package side.

agnostic-apollo commented 2 years ago

Gonna start reviewing code now for sockets in termux-api and termux-app. You did apparently put a UID check on the app side. If we use a file system socket from termux-app, then it probably should not be a problem. Will look into it.

https://github.com/termux/termux-api/blob/ba2836ba60083b54dcdb6a3a926777f3f0704829/app/src/main/java/com/termux/api/SocketListener.java#L45

tareksander commented 2 years ago

For the main Termux app it's sort of a last line of defense; you would have to have really messed up SELinux and filesystem permissions for other apps to even be able to see the socket file.

https://github.com/termux/termux-api/blob/ba2836ba60083b54dcdb6a3a926777f3f0704829/app/src/main/java/com/termux/api/SocketListener.java#L45

That check is only for the new direct connection, I meant the connection used when returning the result: https://github.com/termux/termux-api/blob/master/app/src/main/java/com/termux/api/util/ResultReturner.java
https://github.com/termux/termux-api-package/blob/master/termux-api.c#L409