From 332def46dad245421968fd030f8093aa0ad486ec Mon Sep 17 00:00:00 2001 From: ohemorange Date: Tue, 26 May 2020 12:02:33 -0700 Subject: [PATCH] Require explicit confirmation of snap plugin permissions before connecting (#8013) Fixes #7667. Implements the plan described in #7667. Here's a terminal log showing that it does so: ``` # sudo snap connect certbot:plugin certbot-dns-dnsimple error: cannot perform the following tasks: - Run hook prepare-plug-plugin of snap "certbot" (run hook "prepare-plug-plugin": ----- Only connect this interface if you trust the plugin author to have root on the system Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection -----) # snap set certbot trust-plugin-with-root=ok # sudo snap connect certbot:plugin certbot-dns-dnsimple # sudo snap disconnect certbot:plugin certbot-dns-dnsimple:certbot # sudo snap connect certbot:plugin certbot-dns-dnsimple error: cannot perform the following tasks: - Run hook prepare-plug-plugin of snap "certbot" (run hook "prepare-plug-plugin": ----- Only connect this interface if you trust the plugin author to have root on the system Run `snap set certbot trust-plugin-with-root=ok` to acknowledge this and then run this command again to perform the connection -----) ``` * Add plugin connection hook to accept root trust * snapctl requires a configure hook to set options * Add sh notice * Update changelog --- certbot/CHANGELOG.md | 2 +- snap/hooks/configure | 3 +++ snap/hooks/prepare-plug-plugin | 11 +++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) create mode 100644 snap/hooks/configure create mode 100644 snap/hooks/prepare-plug-plugin diff --git a/certbot/CHANGELOG.md b/certbot/CHANGELOG.md index 9f5ce6226..8e5a7bc78 100644 --- a/certbot/CHANGELOG.md +++ b/certbot/CHANGELOG.md 
@@ -6,7 +6,7 @@ Certbot adheres to [Semantic Versioning](https://semver.org/). ### Added -* +* Require explicit confirmation of snap plugin permissions before connecting. ### Changed diff --git a/snap/hooks/configure b/snap/hooks/configure new file mode 100644 index 000000000..2678c47b2 --- /dev/null +++ b/snap/hooks/configure @@ -0,0 +1,3 @@ +#!/bin/bash -e + +exit 0 diff --git a/snap/hooks/prepare-plug-plugin b/snap/hooks/prepare-plug-plugin new file mode 100644 index 000000000..ee309addf --- /dev/null +++ b/snap/hooks/prepare-plug-plugin @@ -0,0 +1,11 @@ +#!/bin/bash -e + +if [ "$(snapctl get trust-plugin-with-root)" = "ok" ]; then + # allow the connection, but reset config to allow for other slots to go through this auth flow + snapctl unset trust-plugin-with-root + exit 0 +else + echo "Only connect this interface if you trust the plugin author to have root on the system" + echo "Run \`snap set $SNAP_NAME trust-plugin-with-root=ok\` to acknowledge this and then run this command again to perform the connection" + exit 1 +fi
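Review bot: The new entry in certbot/CHANGELOG.md, placed under `### Added`, does not tell users what they now have to do. Per the prepare-plug-plugin hook in this same patch, connecting a plugin exits 1 until `trust-plugin-with-root=ok` has been set. Name the `snap set certbot trust-plugin-with-root=ok` step in the entry, and consider whether a connection that is now refused by default belongs under `### Changed` instead.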
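Review bot: snap/hooks/configure is a bare `exit 0` with nothing in the file saying why it exists; the reason ("snapctl requires a configure hook to set options") appears only in the commit message. Put that sentence in a comment above `exit 0` so the hook is not later removed as dead code. Because the hook accepts every value, it could also reject any `trust-plugin-with-root` value other than `ok`, so that a typo fails at `snap set` rather than at connect time.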
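Review bot: In snap/hooks/prepare-plug-plugin, the acknowledgement tested by `[ "$(snapctl get trust-plugin-with-root)" = "ok" ]` is a single snap-wide flag that does not name the plugin, so once it is set, whichever plugin connection reaches this hook first consumes it, whether or not it is the plugin the administrator meant to approve. Consider having the option carry the plugin snap's name and comparing it in the hook against the snap being connected, if the hook can learn the identity of the other side; if it cannot, state in the printed message that the acknowledgement covers only the next connection. The `snapctl unset trust-plugin-with-root` line keeps the window small, and the comment above it would be clearer if it said that the reset is what forces a fresh acknowledgement per connection.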