Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 331310

Summary:

swtlib-64 is created and left behind in tmp directory in world writable mode (chmod 777). This is a security issue.

Product:

[Eclipse Project] Platform

Reporter:

Stefan Rufer <mail>

Component:

SWT

Assignee:

Silenio Quarti <Silenio_Quarti>

Status:

RESOLVED FIXED

QA Contact:

Severity:

normal

Priority:

CC:

hashproduct+eclipse, Silenio_Quarti

Version:

4.1

Target Milestone:

3.7 M5

Hardware:

Other

OS:

Linux

Whiteboard:

Attachments:

Description	Flags
fix	none

Description Stefan Rufer

2010-11-29 05:00:05 EST

Build Identifier: SWT 3.5.0.v3550b

Using Eclipse Memory Analyzer 1.0.1 I noticed that SWT is leaving behind temporary data in /tmp, namely the directory /tmp/swtlib-64 in our case. This directory is world writable and reported as security issue by our systems.

The problematic code line is 
  Runtime.getRuntime ().exec (new String []{"chmod", "777", path}).waitFor(); //$NON-NLS-1$ //$NON-NLS-2$
in 
  org.eclipse.swt.internal.Library

It is not trivial to resolve as the current approach assumes that the swtlib can be shared system wide (hence world writable flag is necessary). However, this assumption is challenged on security sensitive systems with multiple users. 

Code could be injected into the SWT libraries and would be executed with the rights of the user running any Eclipse product on the same system.


Reproducible: Always

Steps to Reproduce:
1. Check /tmp and remove potentially existing directory swtlib-64:
   txruf@passent1:/tmp/ [] ls swtlib-64
   /bin/ls: swtlib-64: No such file or directory
2. Run an Eclipse product - e.g. Eclipse Memory Analyzer.
3. Check /tmp, it will contain swtlib-64 with world writable flag set:
   txruf@passent1:/tmp/ [] ll swtlib-64
   total 196
   drwxrwxrwx  2 txruf txruf    80 2010-11-29 10:47 .
   drwxrwxrwt 22 root  root    700 2010-11-29 10:47 ..
   -rwxr-xr-x  1 txruf txruf 89120 2010-11-29 10:47 libswt-mozilla-gcc3-gtk-3550.so
   -rwxr-xr-x  1 txruf txruf 93192 2010-11-29 10:47 libswt-mozilla-gtk-3550.so
4. Different user replaces original library with modified version:
   tpdev@svwdpass16:/tmp/swtlib-64/ [rdbms10204] mv libswt-mozilla-gcc3-gtk-3550.so libswt-mozilla-gcc3-gtk-3550.so.original
   tpdev@svwdpass16:/tmp/swtlib-64/ [rdbms10204] touch libswt-mozilla-gcc3-gtk-3550.so
   tpdev@svwdpass16:/tmp/swtlib-64/ [rdbms10204] ll
   total 196
   drwxrwxrwx  2 txruf txruf   100 2010-11-29 10:48 .
   drwxrwxrwt 22 root  root    700 2010-11-29 10:48 ..
   -rw-r--r--  1 tpdev tpdev     0 2010-11-29 10:48 libswt-mozilla-gcc3-gtk-3550.so
   -rwxr-xr-x  1 txruf txruf 89120 2010-11-29 10:47 libswt-mozilla-gcc3-gtk-3550.so.original
   -rwxr-xr-x  1 txruf txruf 93192 2010-11-29 10:47 libswt-mozilla-gtk-3550.so

Comment 1 Matt McCutchen

2011-01-07 13:23:54 EST

Yep.  This was implemented in bug 278413.  A workaround is to extract the libraries manually and set the "swt.library.path" system property; then SWT will not use /tmp at all.

Comment 2 Silenio Quarti

2011-01-07 16:51:02 EST

Created attachment 186318 [details]
fix

This patch extracts the library to the user.home instead of the shared tmp directory. The permissions on the files/directories created are 755. The complete path to the library is <user.home>/.swt/lib/<os.name>/<os.arch>/.

Comment 3 Silenio Quarti

2011-01-07 16:51:54 EST

Fixed > 20110107