Ensure the owner is root

William Li · William Li · commit e4cce5155c2f · 2021-09-15T15:40:03.000-07:00
diff --git a/src/Cli/dotnet/StatInterop.cs b/src/Cli/dotnet/StatInterop.cs
@@ -0,0 +1,73 @@
+﻿// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System;
+using System.Runtime.InteropServices;
+using Microsoft.Win32.SafeHandles;
+
+namespace Microsoft.DotNet.Cli
+{
+    // https://github.com/dotnet/runtime/blob/main/src/libraries/Common/src/Interop/Unix/System.Native/Interop.Stat.cs
+
+    internal static class StatInterop
+    {
+        // Even though csc will by default use a sequential layout, a CS0649 warning as error
+        // is produced for un-assigned fields when no StructLayout is specified.
+        //
+        // Explicitly saying Sequential disables that warning/error for consumers which only
+        // use Stat in debug builds.
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct FileStatus
+        {
+            internal FileStatusFlags Flags;
+            internal int Mode;
+            internal uint Uid;
+            internal uint Gid;
+            internal long Size;
+            internal long ATime;
+            internal long ATimeNsec;
+            internal long MTime;
+            internal long MTimeNsec;
+            internal long CTime;
+            internal long CTimeNsec;
+            internal long BirthTime;
+            internal long BirthTimeNsec;
+            internal long Dev;
+            internal long Ino;
+            internal uint UserFlags;
+        }
+
+        [Flags]
+        internal enum Permissions
+        {
+            Mask = S_IRWXU | S_IRWXG | S_IRWXO,
+
+            S_IRWXU = S_IRUSR | S_IWUSR | S_IXUSR,
+            S_IRUSR = 0x100,
+            S_IWUSR = 0x80,
+            S_IXUSR = 0x40,
+
+            S_IRWXG = S_IRGRP | S_IWGRP | S_IXGRP,
+            S_IRGRP = 0x20,
+            S_IWGRP = 0x10,
+            S_IXGRP = 0x8,
+
+            S_IRWXO = S_IROTH | S_IWOTH | S_IXOTH,
+            S_IROTH = 0x4,
+            S_IWOTH = 0x2,
+            S_IXOTH = 0x1,
+
+            S_IXUGO = S_IXUSR | S_IXGRP | S_IXOTH,
+        }
+
+        [Flags]
+        internal enum FileStatusFlags
+        {
+            None = 0,
+            HasBirthTime = 1,
+        }
+
+        [DllImport("libSystem.Native", EntryPoint = "SystemNative_LStat", SetLastError = true)]
+        internal static extern int LStat(string path, out FileStatus output);
+    }
+}
diff --git a/src/Cli/dotnet/SudoEnvironmentDirectoryOverride.cs b/src/Cli/dotnet/SudoEnvironmentDirectoryOverride.cs
@@ -6,6 +6,7 @@
 using System.IO;
 using System.Linq;
 using Microsoft.DotNet.Cli.Utils;
+using Microsoft.DotNet.Tools.Common;
 using NuGet.Common;
 using NuGet.Configuration;
 
@@ -36,6 +37,18 @@ public static void OverrideEnvironmentVariableToTmp(ParseResult parseResult)
         {
             if (!OperatingSystem.IsWindows() && IsRunningUnderSudo() && IsRunningWorkloadCommand(parseResult))
             {
+                if (!TempHomeIsOnlyRootWritable(SudoHomeDirectory))
+                {
+                    try
+                    {
+                        Directory.Delete(SudoHomeDirectory, recursive: true);
+                    }
+                    catch (DirectoryNotFoundException)
+                    {
+                        // Avoid read after write race condition
+                    }
+                }
+
                 Directory.CreateDirectory(SudoHomeDirectory);
 
                 var homeBeforeOverride = Path.Combine(Environment.GetEnvironmentVariable("HOME"));
@@ -93,5 +106,31 @@ private static void CopyUserNuGetConfigToOverriddenHome(string homeBeforeOverrid
 
         private static bool IsRunningWorkloadCommand(ParseResult parseResult) =>
             parseResult.RootSubCommandResult() == (WorkloadCommandParser.GetCommand().Name);
+
+        private static bool TempHomeIsOnlyRootWritable(string path)
+        {
+            if (StatInterop.LStat(path, out StatInterop.FileStatus fileStat) != 0)
+            {
+                return false;
+            }
+
+            return IsOwnedByRoot(fileStat) && IsGroupWritable(fileStat) &&
+                   IsOtherUserWritable(fileStat);
+        }
+
+        private static bool IsOtherUserWritable(StatInterop.FileStatus fileStat)
+        {
+            return (fileStat.Mode & (int) StatInterop.Permissions.S_IWOTH) == 0;
+        }
+
+        private static bool IsGroupWritable(StatInterop.FileStatus fileStat)
+        {
+            return (fileStat.Mode & (int) StatInterop.Permissions.S_IWGRP) == 0;
+        }
+
+        private static bool IsOwnedByRoot(StatInterop.FileStatus fileStat)
+        {
+            return fileStat.Uid == 0;
+        }
     }
 }
