From ad94eaf0b83363afe787b2ae33108a97bb15e6a1 Mon Sep 17 00:00:00 2001
From: Teddy Reed
Date: Wed, 22 Jul 2015 10:15:39 -0700
Subject: [PATCH] [Fix #1367] Disable user-controlled FIFO reads
---
 osquery/filesystem/filesystem.cpp | 2 ++
 osquery/tables/utility/file.cpp | 7 -------
 2 files changed, 2 insertions(+), 7 deletions(-)
diff --git a/osquery/filesystem/filesystem.cpp b/osquery/filesystem/filesystem.cpp
index b567c1d0..7d1771e0 100644
--- a/osquery/filesystem/filesystem.cpp
+++ b/osquery/filesystem/filesystem.cpp
@@ -72,6 +72,8 @@ Status readFile(const fs::path& path, std::string& content, bool dry_run) {
 if (stat(path.string().c_str(), &file) < 0) {
 return Status(1, "Cannot access path: " + path.string());
+ } else if (file.st_uid != 0 && S_ISFIFO(file.st_mode)) {
+ return Status(1, "User FIFO reads are disabled");
 }
 // Apply the max byte-read based on file/link target ownership.
diff --git a/osquery/tables/utility/file.cpp b/osquery/tables/utility/file.cpp
index 5e5347a1..c2f2876e 100644
--- a/osquery/tables/utility/file.cpp
+++ b/osquery/tables/utility/file.cpp
@@ -71,10 +71,6 @@ QueryData genFile(QueryContext& context) {
 auto paths = context.constraints["path"].getAll(EQUALS);
 for (const auto& path_string : paths) {
- if (!isReadable(path_string)) {
- continue;
- }
-
 fs::path path = path_string;
 genFileInfo(path_string,
 path.filename().string(),
@@ -120,9 +116,6 @@ QueryData genFile(QueryContext& context) {
 }
 for (const auto& resolved : expanded_patterns) {
- if (!isReadable(resolved)) {
- continue;
- }
 fs::path path = resolved;
 genFileInfo(resolved,
 path.filename().string(),
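Review bot: The new `S_ISFIFO` test in `readFile` (osquery/filesystem/filesystem.cpp) is made on the path with `stat()`, so it describes the file as it was at check time, not necessarily the object that is opened afterwards; the read itself lies outside the hunk, so whether it re-validates is not visible here. If it does not, consider opening with `O_NONBLOCK` and repeating the owner/type test with `fstat()` on the descriptor, so that a path replaced between the two calls cannot stall the reader. The guard also exempts root-owned FIFOs and leaves other non-regular file types to the code below; if that is intended, a comment such as `// Only non-root FIFOs are rejected here; root-owned FIFOs are still read.` would record the decision. The message could also carry the path like the branch above it: `return Status(1, "User FIFO reads are disabled: " + path.string());`.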