From 9881a774b6414ebf6b21ad980c6375a3608105e9 Mon Sep 17 00:00:00 2001
From: obarun <eric@obarun.org>
Date: Sun, 12 Mar 2023 01:42:49 +1100
Subject: [PATCH] fix permissions with -o options
---
src/lib66/exec/ssexec_scandir_create.c | 59 +++++++++++++++++++++++---
1 file changed, 52 insertions(+), 7 deletions(-)
diff --git a/src/lib66/exec/ssexec_scandir_create.c b/src/lib66/exec/ssexec_scandir_create.c
index 150a0166..0b6a8e25 100644
--- a/src/lib66/exec/ssexec_scandir_create.c
+++ b/src/lib66/exec/ssexec_scandir_create.c
@@ -83,6 +83,20 @@ static void inline auto_dir(char const *str,mode_t mode)
log_trace("create directory: ",str) ;
if (!dir_create_parent(str,mode))
log_dieusys(LOG_EXIT_SYS,"create directory: ",str) ;
+
+ size_t n = strlen(str), i = 0 ;
+ char tmp[n + 1] ;
+ for (; i < n ; i++) {
+
+ if ((str[i] == '/') && i)
+ {
+ tmp[i] = 0 ;
+ auto_chown(tmp) ;
+ }
+ tmp[i] = str[i] ;
+ }
+
+ auto_chown(str) ;
}
static void inline auto_chmod(char const *str,mode_t mode)
@@ -97,9 +111,14 @@ static void inline auto_file(char const *dst,char const *file,char const *conten
{
log_flow() ;
- log_trace("write file: ",dst,"/",file) ;
+ char f[strlen(dst) + 1 + strlen(file) + 1] ;
+ auto_strings(f, dst, "/", file) ;
+
+ log_trace("write file: ", f) ;
if (!file_write_unsafe(dst,file,contents,conlen))
log_dieusys(LOG_EXIT_SYS,"write file: ",dst,"/",file) ;
+
+ auto_chown(f) ;
}
static void inline auto_check(char const *str,mode_t type,mode_t perm,int what)
@@ -274,8 +293,8 @@ void write_bootlog(char const *live, char const *scandir)
log_flow() ;
int r ;
- uid_t uid ;
- gid_t gid ;
+ uid_t uid = -1 ;
+ gid_t gid = -1 ;
size_t livelen = strlen(live), scandirlen = strlen(scandir), ownerlen = uid_fmt(OWNERSTR,OWNER), loglen = 0, blen = 0 ;
buffer b ;
char path[livelen + 4 + ownerlen + 1] ;
@@ -292,6 +311,7 @@ void write_bootlog(char const *live, char const *scandir)
auto_strings(logdir + loglen, "/fifo") ;
auto_fifo(logdir) ;
+ auto_chown(logdir) ;
/** set the log path for the run file
* /run/66/log*/
@@ -350,6 +370,7 @@ void write_bootlog(char const *live, char const *scandir)
auto_strings(logdir + loglen,"/run") ;
auto_chmod(logdir,0755) ;
+ auto_chown(logdir) ;
}
void write_control(char const *scandir,char const *live, char const *filename, int file)
@@ -501,6 +522,7 @@ void write_control(char const *scandir,char const *live, char const *filename, i
auto_strings(mode + scandirlen + SS_SVSCAN_LOG_LEN, filename) ;
auto_chmod(mode,0755) ;
+ auto_chown(mode) ;
}
void auto_empty_file(char const *dst, char const *filename, char const *contents)
@@ -512,6 +534,8 @@ void auto_empty_file(char const *dst, char const *filename, char const *contents
if (!file_write_unsafe_g(tmp, contents))
log_dieusys(LOG_EXIT_SYS, "create file: ", tmp) ;
+
+ auto_chown(tmp) ;
}
static void create_service_skel(char const *service, char const *target, char const *notif)
@@ -532,8 +556,12 @@ static void create_service_skel(char const *service, char const *target, char co
if (symlink("0", sym) < 0)
log_dieusys(LOG_EXIT_SYS, "symlink: ", sym) ;
+ if (lchown(sym, OWNER, GIDOWNER) < 0)
+ log_dieusys(LOG_EXIT_SYS, "chown: ", sym) ;
+
auto_strings(dst, target, "/", service, "/data/rules/gid/0") ;
auto_dir(dst, 0755) ;
+
auto_empty_file(dst, "/allow", "") ;
auto_strings(dst, target, "/", service, "/") ;
@@ -567,6 +595,8 @@ static void create_service_oneshot(char const *scandir)
if (chmod(dst, 0755) < 0)
log_dieusys(LOG_EXIT_SYS, "chmod: ", dst) ;
+
+ auto_chown(dst) ;
}
static void create_service_fdholder(char const *scandir)
@@ -590,6 +620,8 @@ static void create_service_fdholder(char const *scandir)
if(!openwritenclose_unsafe(dst, "^" SS_FDHOLDER_PIPENAME "\n", SS_FDHOLDER_PIPENAME_LEN + 2))
log_dieusys(LOG_EXIT_SYS, "write: ", dst) ;
+ auto_chown(dst) ;
+
char sym[fdlen + 48 + 1] ;
auto_strings(sym, scandir, "/", SS_FDHOLDER, "/data/rules/uid/0/env/S6_FDHOLDER_RETRIEVE_REGEX") ;
@@ -599,6 +631,9 @@ static void create_service_fdholder(char const *scandir)
if (symlink(dst, sym) < 0)
log_dieusys(LOG_EXIT_SYS, "symlink: ", dst) ;
+ if (lchown(sym, OWNER, GIDOWNER) < 0)
+ log_dieusys(LOG_EXIT_SYS, "chown: ", sym) ;
+
auto_strings(sym, scandir, "/", SS_FDHOLDER, "/data/rules/gid/0/env") ;
auto_strings(dst, "../../uid/0/env") ;
@@ -606,6 +641,9 @@ static void create_service_fdholder(char const *scandir)
if (symlink(dst, sym) < 0)
log_dieusys(LOG_EXIT_SYS, "symlink: ", dst) ;
+ if (lchown(sym, OWNER, GIDOWNER) < 0)
+ log_dieusys(LOG_EXIT_SYS, "chown: ", sym) ;
+
size_t runlen = strlen(SS_EXECLINE_SHEBANGPREFIX) + strlen(SS_LIBEXECPREFIX) + 277 + 1 ;
char run[runlen] ;
@@ -630,8 +668,8 @@ static void create_service_fdholder(char const *scandir)
if (!openwritenclose_unsafe(dst, run, strlen(run) - 1))
log_dieusys(LOG_EXIT_SYS, "write: ", dst) ;
- if (chmod(dst, 0755) < 0)
- log_dieusys(LOG_EXIT_SYS, "chmod: ", dst) ;
+ auto_chmod(dst, 0755) ;
+ auto_chown(dst) ;
auto_strings(dst, scandir, "/", SS_FDHOLDER, "/data/autofilled") ;
@@ -639,6 +677,7 @@ static void create_service_fdholder(char const *scandir)
if(!openwritenclose_unsafe(dst, "\n", 1))
log_dieusys(LOG_EXIT_SYS, "write: ", dst) ;
+ auto_chown(dst) ;
}
void create_scandir(char const *live, char const *scandir)
@@ -664,12 +703,13 @@ void create_scandir(char const *live, char const *scandir)
"/SIGQUIT", "/SIGTERM", "/SIGUSR1", "/SIGUSR2",
"/SIGPWR", "/SIGWINCH"
} ;
+
log_trace("write control file... ") ;
for (int i = 0 ; i < 9; i++)
write_control(scandir,live,file[i],i) ;
- if (BOOT)
- {
+ if (BOOT) {
+
if (CATCH_LOG)
write_bootlog(live, scandir) ;
@@ -712,6 +752,8 @@ void sanitize_live(char const *live)
int ssexec_scandir_create(int argc, char const *const *argv, ssexec_t *info)
{
+ log_flow() ;
+
int r ;
CONFIG_STR_LEN = compute_buf_size(SS_BINPREFIX, SS_EXTBINPREFIX, SS_EXTLIBEXECPREFIX, SS_LIBEXECPREFIX, SS_EXECLINE_SHEBANGPREFIX, 0) ;
@@ -736,6 +778,9 @@ int ssexec_scandir_create(int argc, char const *const *argv, ssexec_t *info)
case 'B' :
+ if (OWNER)
+ log_die(LOG_EXIT_USER, "-B options can be set only with root") ;
+
CONTAINER = 1 ;
BOOT = 1 ;
break ;
--
GitLab