src/shared/clean-ipc.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2014 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <dirent.h>
  21 #include <errno.h>
  22 #include <fcntl.h>
  23 #include <limits.h>
  24 #include <mqueue.h>
  25 #include <stdbool.h>
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <sys/ipc.h>
  29 #include <sys/msg.h>
  30 #include <sys/sem.h>
  31 #include <sys/shm.h>
  32 #include <sys/stat.h>
  33 #include <unistd.h>
  34
  35 #include "clean-ipc.h"
  36 #include "dirent-util.h"
  37 #include "fd-util.h"
  38 #include "fileio.h"
  39 #include "formats-util.h"
  40 #include "log.h"
  41 #include "macro.h"
  42 #include "string-util.h"
  43 #include "strv.h"
  44
  45 static int clean_sysvipc_shm(uid_t delete_uid) {
  46         _cleanup_fclose_ FILE *f = NULL;
  47         char line[LINE_MAX];
  48         bool first = true;
  49         int ret = 0;
  50
  51         f = fopen("/proc/sysvipc/shm", "re");
  52         if (!f) {
  53                 if (errno == ENOENT)
  54                         return 0;
  55
  56                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
  57         }
  58
  59         FOREACH_LINE(line, f, goto fail) {
  60                 unsigned n_attached;
  61                 pid_t cpid, lpid;
  62                 uid_t uid, cuid;
  63                 gid_t gid, cgid;
  64                 int shmid;
  65
  66                 if (first) {
  67                         first = false;
  68                         continue;
  69                 }
  70
  71                 truncate_nl(line);
  72
  73                 if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
  74                            &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
  75                         continue;
  76
  77                 if (n_attached > 0)
  78                         continue;
  79
  80                 if (uid != delete_uid)
  81                         continue;
  82
  83                 if (shmctl(shmid, IPC_RMID, NULL) < 0) {
  84
  85                         /* Ignore entries that are already deleted */
  86                         if (errno == EIDRM || errno == EINVAL)
  87                                 continue;
  88
  89                         ret = log_warning_errno(errno,
  90                                                 "Failed to remove SysV shared memory segment %i: %m",
  91                                                 shmid);
  92                 }
  93         }
  94
  95         return ret;
  96
  97 fail:
  98         return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
  99 }
 100
 101 static int clean_sysvipc_sem(uid_t delete_uid) {
 102         _cleanup_fclose_ FILE *f = NULL;
 103         char line[LINE_MAX];
 104         bool first = true;
 105         int ret = 0;
 106
 107         f = fopen("/proc/sysvipc/sem", "re");
 108         if (!f) {
 109                 if (errno == ENOENT)
 110                         return 0;
 111
 112                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
 113         }
 114
 115         FOREACH_LINE(line, f, goto fail) {
 116                 uid_t uid, cuid;
 117                 gid_t gid, cgid;
 118                 int semid;
 119
 120                 if (first) {
 121                         first = false;
 122                         continue;
 123                 }
 124
 125                 truncate_nl(line);
 126
 127                 if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 128                            &semid, &uid, &gid, &cuid, &cgid) != 5)
 129                         continue;
 130
 131                 if (uid != delete_uid)
 132                         continue;
 133
 134                 if (semctl(semid, 0, IPC_RMID) < 0) {
 135
 136                         /* Ignore entries that are already deleted */
 137                         if (errno == EIDRM || errno == EINVAL)
 138                                 continue;
 139
 140                         ret = log_warning_errno(errno,
 141                                                 "Failed to remove SysV semaphores object %i: %m",
 142                                                 semid);
 143                 }
 144         }
 145
 146         return ret;
 147
 148 fail:
 149         return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
 150 }
 151
 152 static int clean_sysvipc_msg(uid_t delete_uid) {
 153         _cleanup_fclose_ FILE *f = NULL;
 154         char line[LINE_MAX];
 155         bool first = true;
 156         int ret = 0;
 157
 158         f = fopen("/proc/sysvipc/msg", "re");
 159         if (!f) {
 160                 if (errno == ENOENT)
 161                         return 0;
 162
 163                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
 164         }
 165
 166         FOREACH_LINE(line, f, goto fail) {
 167                 uid_t uid, cuid;
 168                 gid_t gid, cgid;
 169                 pid_t cpid, lpid;
 170                 int msgid;
 171
 172                 if (first) {
 173                         first = false;
 174                         continue;
 175                 }
 176
 177                 truncate_nl(line);
 178
 179                 if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 180                            &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
 181                         continue;
 182
 183                 if (uid != delete_uid)
 184                         continue;
 185
 186                 if (msgctl(msgid, IPC_RMID, NULL) < 0) {
 187
 188                         /* Ignore entries that are already deleted */
 189                         if (errno == EIDRM || errno == EINVAL)
 190                                 continue;
 191
 192                         ret = log_warning_errno(errno,
 193                                                 "Failed to remove SysV message queue %i: %m",
 194                                                 msgid);
 195                 }
 196         }
 197
 198         return ret;
 199
 200 fail:
 201         return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
 202 }
 203
 204 static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
 205         struct dirent *de;
 206         int ret = 0, r;
 207
 208         assert(dir);
 209
 210         FOREACH_DIRENT_ALL(de, dir, goto fail) {
 211                 struct stat st;
 212
 213                 if (STR_IN_SET(de->d_name, "..", "."))
 214                         continue;
 215
 216                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 217                         if (errno == ENOENT)
 218                                 continue;
 219
 220                         ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
 221                         continue;
 222                 }
 223
 224                 if (st.st_uid != uid)
 225                         continue;
 226
 227                 if (S_ISDIR(st.st_mode)) {
 228                         _cleanup_closedir_ DIR *kid;
 229
 230                         kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);
 231                         if (!kid) {
 232                                 if (errno != ENOENT)
 233                                         ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
 234                         } else {
 235                                 r = clean_posix_shm_internal(kid, uid);
 236                                 if (r < 0)
 237                                         ret = r;
 238                         }
 239
 240                         if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {
 241
 242                                 if (errno == ENOENT)
 243                                         continue;
 244
 245                                 ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
 246                         }
 247                 } else {
 248
 249                         if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {
 250
 251                                 if (errno == ENOENT)
 252                                         continue;
 253
 254                                 ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
 255                         }
 256                 }
 257         }
 258
 259         return ret;
 260
 261 fail:
 262         return log_warning_errno(errno, "Failed to read /dev/shm: %m");
 263 }
 264
 265 static int clean_posix_shm(uid_t uid) {
 266         _cleanup_closedir_ DIR *dir = NULL;
 267
 268         dir = opendir("/dev/shm");
 269         if (!dir) {
 270                 if (errno == ENOENT)
 271                         return 0;
 272
 273                 return log_warning_errno(errno, "Failed to open /dev/shm: %m");
 274         }
 275
 276         return clean_posix_shm_internal(dir, uid);
 277 }
 278
 279 #if 0 /// UNNEEDED by elogind
 280 static int clean_posix_mq(uid_t uid) {
 281         _cleanup_closedir_ DIR *dir = NULL;
 282         struct dirent *de;
 283         int ret = 0;
 284
 285         dir = opendir("/dev/mqueue");
 286         if (!dir) {
 287                 if (errno == ENOENT)
 288                         return 0;
 289
 290                 return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
 291         }
 292
 293         FOREACH_DIRENT_ALL(de, dir, goto fail) {
 294                 struct stat st;
 295                 char fn[1+strlen(de->d_name)+1];
 296
 297                 if (STR_IN_SET(de->d_name, "..", "."))
 298                         continue;
 299
 300                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 301                         if (errno == ENOENT)
 302                                 continue;
 303
 304                         ret = log_warning_errno(errno,
 305                                                 "Failed to stat() MQ segment %s: %m",
 306                                                 de->d_name);
 307                         continue;
 308                 }
 309
 310                 if (st.st_uid != uid)
 311                         continue;
 312
 313                 fn[0] = '/';
 314                 strcpy(fn+1, de->d_name);
 315
 316                 if (mq_unlink(fn) < 0) {
 317                         if (errno == ENOENT)
 318                                 continue;
 319
 320                         ret = log_warning_errno(errno,
 321                                                 "Failed to unlink POSIX message queue %s: %m",
 322                                                 fn);
 323                 }
 324         }
 325
 326         return ret;
 327
 328 fail:
 329         return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
 330 }
 331 #endif // 0
 332
 333 int clean_ipc(uid_t uid) {
 334         int ret = 0, r;
 335
 336         /* Refuse to clean IPC of the root and system users */
 337         if (uid <= SYSTEM_UID_MAX)
 338                 return 0;
 339
 340         r = clean_sysvipc_shm(uid);
 341         if (r < 0)
 342                 ret = r;
 343
 344         r = clean_sysvipc_sem(uid);
 345         if (r < 0)
 346                 ret = r;
 347
 348         r = clean_sysvipc_msg(uid);
 349         if (r < 0)
 350                 ret = r;
 351
 352         r = clean_posix_shm(uid);
 353         if (r < 0)
 354                 ret = r;
 355
 356 #if 0 /// elogind does not use mq_open anywhere
 357         r = clean_posix_mq(uid);
 358         if (r < 0)
 359                 ret = r;
 360 #endif // 0
 361
 362         return ret;
 363 }