src/shared/clean-ipc.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2014 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <dirent.h>
  21 #include <errno.h>
  22 #include <fcntl.h>
  23 #include <limits.h>
  24 #include <mqueue.h>
  25 #include <stdbool.h>
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <sys/ipc.h>
  29 #include <sys/msg.h>
  30 #include <sys/sem.h>
  31 #include <sys/shm.h>
  32 #include <sys/stat.h>
  33 #include <unistd.h>
  34
  35 #include "clean-ipc.h"
  36 #include "dirent-util.h"
  37 #include "fd-util.h"
  38 #include "fileio.h"
  39 #include "formats-util.h"
  40 #include "log.h"
  41 #include "macro.h"
  42 #include "string-util.h"
  43 #include "strv.h"
  44
  45 static int clean_sysvipc_shm(uid_t delete_uid) {
  46         _cleanup_fclose_ FILE *f = NULL;
  47         char line[LINE_MAX];
  48         bool first = true;
  49         int ret = 0;
  50
  51         f = fopen("/proc/sysvipc/shm", "re");
  52         if (!f) {
  53                 if (errno == ENOENT)
  54                         return 0;
  55
  56                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
  57         }
  58
  59         FOREACH_LINE(line, f, goto fail) {
  60                 unsigned n_attached;
  61                 pid_t cpid, lpid;
  62                 uid_t uid, cuid;
  63                 gid_t gid, cgid;
  64                 int shmid;
  65
  66                 if (first) {
  67                         first = false;
  68                         continue;
  69                 }
  70
  71                 truncate_nl(line);
  72
  73                 if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
  74                            &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
  75                         continue;
  76
  77                 if (n_attached > 0)
  78                         continue;
  79
  80                 if (uid != delete_uid)
  81                         continue;
  82
  83                 if (shmctl(shmid, IPC_RMID, NULL) < 0) {
  84
  85                         /* Ignore entries that are already deleted */
  86                         if (errno == EIDRM || errno == EINVAL)
  87                                 continue;
  88
  89                         ret = log_warning_errno(errno,
  90                                                 "Failed to remove SysV shared memory segment %i: %m",
  91                                                 shmid);
  92                 }
  93         }
  94
  95         return ret;
  96
  97 fail:
  98         return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
  99 }
 100
 101 static int clean_sysvipc_sem(uid_t delete_uid) {
 102         _cleanup_fclose_ FILE *f = NULL;
 103         char line[LINE_MAX];
 104         bool first = true;
 105         int ret = 0;
 106
 107         f = fopen("/proc/sysvipc/sem", "re");
 108         if (!f) {
 109                 if (errno == ENOENT)
 110                         return 0;
 111
 112                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
 113         }
 114
 115         FOREACH_LINE(line, f, goto fail) {
 116                 uid_t uid, cuid;
 117                 gid_t gid, cgid;
 118                 int semid;
 119
 120                 if (first) {
 121                         first = false;
 122                         continue;
 123                 }
 124
 125                 truncate_nl(line);
 126
 127                 if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 128                            &semid, &uid, &gid, &cuid, &cgid) != 5)
 129                         continue;
 130
 131                 if (uid != delete_uid)
 132                         continue;
 133
 134                 if (semctl(semid, 0, IPC_RMID) < 0) {
 135
 136                         /* Ignore entries that are already deleted */
 137                         if (errno == EIDRM || errno == EINVAL)
 138                                 continue;
 139
 140                         ret = log_warning_errno(errno,
 141                                                 "Failed to remove SysV semaphores object %i: %m",
 142                                                 semid);
 143                 }
 144         }
 145
 146         return ret;
 147
 148 fail:
 149         return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
 150 }
 151
 152 static int clean_sysvipc_msg(uid_t delete_uid) {
 153         _cleanup_fclose_ FILE *f = NULL;
 154         char line[LINE_MAX];
 155         bool first = true;
 156         int ret = 0;
 157
 158         f = fopen("/proc/sysvipc/msg", "re");
 159         if (!f) {
 160                 if (errno == ENOENT)
 161                         return 0;
 162
 163                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
 164         }
 165
 166         FOREACH_LINE(line, f, goto fail) {
 167                 uid_t uid, cuid;
 168                 gid_t gid, cgid;
 169                 pid_t cpid, lpid;
 170                 int msgid;
 171
 172                 if (first) {
 173                         first = false;
 174                         continue;
 175                 }
 176
 177                 truncate_nl(line);
 178
 179                 if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 180                            &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
 181                         continue;
 182
 183                 if (uid != delete_uid)
 184                         continue;
 185
 186                 if (msgctl(msgid, IPC_RMID, NULL) < 0) {
 187
 188                         /* Ignore entries that are already deleted */
 189                         if (errno == EIDRM || errno == EINVAL)
 190                                 continue;
 191
 192                         ret = log_warning_errno(errno,
 193                                                 "Failed to remove SysV message queue %i: %m",
 194                                                 msgid);
 195                 }
 196         }
 197
 198         return ret;
 199
 200 fail:
 201         return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
 202 }
 203
 204 static int clean_posix_shm_internal(DIR *dir, uid_t uid) {
 205         struct dirent *de;
 206         int ret = 0, r;
 207
 208         assert(dir);
 209
 210         FOREACH_DIRENT(de, dir, goto fail) {
 211                 struct stat st;
 212
 213                 if (STR_IN_SET(de->d_name, "..", "."))
 214                         continue;
 215
 216                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 217                         if (errno == ENOENT)
 218                                 continue;
 219
 220                         log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
 221                         ret = -errno;
 222                         continue;
 223                 }
 224
 225                 if (st.st_uid != uid)
 226                         continue;
 227
 228                 if (S_ISDIR(st.st_mode)) {
 229                         _cleanup_closedir_ DIR *kid;
 230
 231                         kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);
 232                         if (!kid) {
 233                                 if (errno != ENOENT) {
 234                                         log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
 235                                         ret = -errno;
 236                                 }
 237                         } else {
 238                                 r = clean_posix_shm_internal(kid, uid);
 239                                 if (r < 0)
 240                                         ret = r;
 241                         }
 242
 243                         if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {
 244
 245                                 if (errno == ENOENT)
 246                                         continue;
 247
 248                                 log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
 249                                 ret = -errno;
 250                         }
 251                 } else {
 252
 253                         if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {
 254
 255                                 if (errno == ENOENT)
 256                                         continue;
 257
 258                                 log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
 259                                 ret = -errno;
 260                         }
 261                 }
 262         }
 263
 264         return ret;
 265
 266 fail:
 267         log_warning_errno(errno, "Failed to read /dev/shm: %m");
 268         return -errno;
 269 }
 270
 271 static int clean_posix_shm(uid_t uid) {
 272         _cleanup_closedir_ DIR *dir = NULL;
 273
 274         dir = opendir("/dev/shm");
 275         if (!dir) {
 276                 if (errno == ENOENT)
 277                         return 0;
 278
 279                 return log_warning_errno(errno, "Failed to open /dev/shm: %m");
 280         }
 281
 282         return clean_posix_shm_internal(dir, uid);
 283 }
 284
 285 #if 0 /// UNNEEDED by elogind
 286 static int clean_posix_mq(uid_t uid) {
 287         _cleanup_closedir_ DIR *dir = NULL;
 288         struct dirent *de;
 289         int ret = 0;
 290
 291         dir = opendir("/dev/mqueue");
 292         if (!dir) {
 293                 if (errno == ENOENT)
 294                         return 0;
 295
 296                 return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
 297         }
 298
 299         FOREACH_DIRENT(de, dir, goto fail) {
 300                 struct stat st;
 301                 char fn[1+strlen(de->d_name)+1];
 302
 303                 if (STR_IN_SET(de->d_name, "..", "."))
 304                         continue;
 305
 306                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 307                         if (errno == ENOENT)
 308                                 continue;
 309
 310                         ret = log_warning_errno(errno,
 311                                                 "Failed to stat() MQ segment %s: %m",
 312                                                 de->d_name);
 313                         continue;
 314                 }
 315
 316                 if (st.st_uid != uid)
 317                         continue;
 318
 319                 fn[0] = '/';
 320                 strcpy(fn+1, de->d_name);
 321
 322                 if (mq_unlink(fn) < 0) {
 323                         if (errno == ENOENT)
 324                                 continue;
 325
 326                         ret = log_warning_errno(errno,
 327                                                 "Failed to unlink POSIX message queue %s: %m",
 328                                                 fn);
 329                 }
 330         }
 331
 332         return ret;
 333
 334 fail:
 335         return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
 336 }
 337 #endif // 0
 338
 339 int clean_ipc(uid_t uid) {
 340         int ret = 0, r;
 341
 342         /* Refuse to clean IPC of the root and system users */
 343         if (uid <= SYSTEM_UID_MAX)
 344                 return 0;
 345
 346         r = clean_sysvipc_shm(uid);
 347         if (r < 0)
 348                 ret = r;
 349
 350         r = clean_sysvipc_sem(uid);
 351         if (r < 0)
 352                 ret = r;
 353
 354         r = clean_sysvipc_msg(uid);
 355         if (r < 0)
 356                 ret = r;
 357
 358         r = clean_posix_shm(uid);
 359         if (r < 0)
 360                 ret = r;
 361
 362 #if 0 /// elogind does not use mq_open anywhere
 363         r = clean_posix_mq(uid);
 364         if (r < 0)
 365                 ret = r;
 366 #endif // 0
 367
 368         return ret;
 369 }