crashtracker: verify unix socket peer uid before parsing reports

libdd-crashtracker/src/receiver/entry_points.rs

@@ -7,6 +7,8 @@ use crate::CrashtrackerConfiguration;
 #[cfg(target_os = "linux")]
 use crate::StacktraceCollection;
 use anyhow::Context;
+#[cfg(target_os = "linux")]
+use std::os::fd::AsRawFd;
 use std::time::Duration;
 use tokio::{
     io::{AsyncBufReadExt, BufReader},
@@ -30,10 +32,38 @@ pub async fn async_receiver_entry_point_unix_listener(
     listener: &UnixListener,
 ) -> anyhow::Result<()> {
     let (unix_stream, _) = listener.accept().await?;
+    #[cfg(target_os = "linux")]
+    ensure_same_user(&unix_stream)?;
     let stream = BufReader::new(unix_stream);
     receiver_entry_point(receiver_timeout(), stream).await
 }
 
+#[cfg(target_os = "linux")]
+fn ensure_same_user(unix_stream: &tokio::net::UnixStream) -> anyhow::Result<()> {
+    let mut ucred = libc::ucred {
+        pid: 0,
+        uid: 0,
+        gid: 0,
+    };
+    let mut ucred_len = std::mem::size_of::<libc::ucred>() as libc::socklen_t;
+    let getsockopt_res = unsafe {
+        libc::getsockopt(
+            unix_stream.as_raw_fd(),
+            libc::SOL_SOCKET,
+            libc::SO_PEERCRED,
+            &mut ucred as *mut libc::ucred as *mut libc::c_void,
+            &mut ucred_len,
+        )
+    };
+
+    anyhow::ensure!(getsockopt_res == 0, "Failed to get unix peer credentials");
+    anyhow::ensure!(
+        ucred.uid == unsafe { libc::geteuid() },
+        "Refusing crash report from another user"
+    );
+    Ok(())
+}
+
 pub async fn async_receiver_entry_point_unix_socket(
     socket_path: impl AsRef<str>,
     one_shot: bool,