src/shared/clean-ipc.c

   1 /***
   2   This file is part of systemd.
   3
   4   Copyright 2014 Lennart Poettering
   5
   6   systemd is free software; you can redistribute it and/or modify it
   7   under the terms of the GNU Lesser General Public License as published by
   8   the Free Software Foundation; either version 2.1 of the License, or
   9   (at your option) any later version.
  10
  11   systemd is distributed in the hope that it will be useful, but
  12   WITHOUT ANY WARRANTY; without even the implied warranty of
  13   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14   Lesser General Public License for more details.
  15
  16   You should have received a copy of the GNU Lesser General Public License
  17   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  18 ***/
  19
  20 #include <dirent.h>
  21 #include <errno.h>
  22 #include <fcntl.h>
  23 #include <limits.h>
  24 #include <mqueue.h>
  25 #include <stdbool.h>
  26 #include <stdio.h>
  27 #include <string.h>
  28 #include <sys/ipc.h>
  29 #include <sys/msg.h>
  30 #include <sys/sem.h>
  31 #include <sys/shm.h>
  32 #include <sys/stat.h>
  33 #include <unistd.h>
  34
  35 #include "clean-ipc.h"
  36 #include "dirent-util.h"
  37 #include "fd-util.h"
  38 #include "fileio.h"
  39 #include "format-util.h"
  40 #include "log.h"
  41 #include "macro.h"
  42 #include "string-util.h"
  43 #include "strv.h"
  44 #include "user-util.h"
  45
  46 static bool match_uid_gid(uid_t subject_uid, gid_t subject_gid, uid_t delete_uid, gid_t delete_gid) {
  47
  48         if (uid_is_valid(delete_uid) && subject_uid == delete_uid)
  49                 return true;
  50
  51         if (gid_is_valid(delete_gid) && subject_gid == delete_gid)
  52                 return true;
  53
  54         return false;
  55 }
  56
  57 static int clean_sysvipc_shm(uid_t delete_uid, gid_t delete_gid) {
  58         _cleanup_fclose_ FILE *f = NULL;
  59         char line[LINE_MAX];
  60         bool first = true;
  61         int ret = 0;
  62
  63         f = fopen("/proc/sysvipc/shm", "re");
  64         if (!f) {
  65                 if (errno == ENOENT)
  66                         return 0;
  67
  68                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m");
  69         }
  70
  71         FOREACH_LINE(line, f, goto fail) {
  72                 unsigned n_attached;
  73                 pid_t cpid, lpid;
  74                 uid_t uid, cuid;
  75                 gid_t gid, cgid;
  76                 int shmid;
  77
  78                 if (first) {
  79                         first = false;
  80                         continue;
  81                 }
  82
  83                 truncate_nl(line);
  84
  85                 if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
  86                            &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)
  87                         continue;
  88
  89                 if (n_attached > 0)
  90                         continue;
  91
  92                 if (!match_uid_gid(uid, gid, delete_uid, delete_gid))
  93                         continue;
  94
  95                 if (shmctl(shmid, IPC_RMID, NULL) < 0) {
  96
  97                         /* Ignore entries that are already deleted */
  98                         if (errno == EIDRM || errno == EINVAL)
  99                                 continue;
 100
 101                         ret = log_warning_errno(errno,
 102                                                 "Failed to remove SysV shared memory segment %i: %m",
 103                                                 shmid);
 104                 } else
 105                         log_debug("Removed SysV shared memory segment %i.", shmid);
 106         }
 107
 108         return ret;
 109
 110 fail:
 111         return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m");
 112 }
 113
 114 static int clean_sysvipc_sem(uid_t delete_uid, gid_t delete_gid) {
 115         _cleanup_fclose_ FILE *f = NULL;
 116         char line[LINE_MAX];
 117         bool first = true;
 118         int ret = 0;
 119
 120         f = fopen("/proc/sysvipc/sem", "re");
 121         if (!f) {
 122                 if (errno == ENOENT)
 123                         return 0;
 124
 125                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m");
 126         }
 127
 128         FOREACH_LINE(line, f, goto fail) {
 129                 uid_t uid, cuid;
 130                 gid_t gid, cgid;
 131                 int semid;
 132
 133                 if (first) {
 134                         first = false;
 135                         continue;
 136                 }
 137
 138                 truncate_nl(line);
 139
 140                 if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 141                            &semid, &uid, &gid, &cuid, &cgid) != 5)
 142                         continue;
 143
 144                 if (!match_uid_gid(uid, gid, delete_uid, delete_gid))
 145                         continue;
 146
 147                 if (semctl(semid, 0, IPC_RMID) < 0) {
 148
 149                         /* Ignore entries that are already deleted */
 150                         if (errno == EIDRM || errno == EINVAL)
 151                                 continue;
 152
 153                         ret = log_warning_errno(errno,
 154                                                 "Failed to remove SysV semaphores object %i: %m",
 155                                                 semid);
 156                 } else
 157                         log_debug("Removed SysV semaphore %i.", semid);
 158         }
 159
 160         return ret;
 161
 162 fail:
 163         return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m");
 164 }
 165
 166 static int clean_sysvipc_msg(uid_t delete_uid, gid_t delete_gid) {
 167         _cleanup_fclose_ FILE *f = NULL;
 168         char line[LINE_MAX];
 169         bool first = true;
 170         int ret = 0;
 171
 172         f = fopen("/proc/sysvipc/msg", "re");
 173         if (!f) {
 174                 if (errno == ENOENT)
 175                         return 0;
 176
 177                 return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m");
 178         }
 179
 180         FOREACH_LINE(line, f, goto fail) {
 181                 uid_t uid, cuid;
 182                 gid_t gid, cgid;
 183                 pid_t cpid, lpid;
 184                 int msgid;
 185
 186                 if (first) {
 187                         first = false;
 188                         continue;
 189                 }
 190
 191                 truncate_nl(line);
 192
 193                 if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,
 194                            &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)
 195                         continue;
 196
 197                 if (!match_uid_gid(uid, gid, delete_uid, delete_gid))
 198                         continue;
 199
 200                 if (msgctl(msgid, IPC_RMID, NULL) < 0) {
 201
 202                         /* Ignore entries that are already deleted */
 203                         if (errno == EIDRM || errno == EINVAL)
 204                                 continue;
 205
 206                         ret = log_warning_errno(errno,
 207                                                 "Failed to remove SysV message queue %i: %m",
 208                                                 msgid);
 209                 } else
 210                         log_debug("Removed SysV message queue %i.", msgid);
 211         }
 212
 213         return ret;
 214
 215 fail:
 216         return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m");
 217 }
 218
 219 static int clean_posix_shm_internal(DIR *dir, uid_t uid, gid_t gid) {
 220         struct dirent *de;
 221         int ret = 0, r;
 222
 223         assert(dir);
 224
 225         FOREACH_DIRENT_ALL(de, dir, goto fail) {
 226                 struct stat st;
 227
 228                 if (STR_IN_SET(de->d_name, "..", "."))
 229                         continue;
 230
 231                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 232                         if (errno == ENOENT)
 233                                 continue;
 234
 235                         ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name);
 236                         continue;
 237                 }
 238
 239                 if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid))
 240                         continue;
 241
 242                 if (S_ISDIR(st.st_mode)) {
 243                         _cleanup_closedir_ DIR *kid;
 244
 245                         kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);
 246                         if (!kid) {
 247                                 if (errno != ENOENT)
 248                                         ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name);
 249                         } else {
 250                                 r = clean_posix_shm_internal(kid, uid, gid);
 251                                 if (r < 0)
 252                                         ret = r;
 253                         }
 254
 255                         if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {
 256
 257                                 if (errno == ENOENT)
 258                                         continue;
 259
 260                                 ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name);
 261                         } else
 262                                 log_debug("Removed POSIX shared memory directory %s", de->d_name);
 263                 } else {
 264
 265                         if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {
 266
 267                                 if (errno == ENOENT)
 268                                         continue;
 269
 270                                 ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name);
 271                         } else
 272                                 log_debug("Removed POSIX shared memory segment %s", de->d_name);
 273                 }
 274         }
 275
 276         return ret;
 277
 278 fail:
 279         return log_warning_errno(errno, "Failed to read /dev/shm: %m");
 280 }
 281
 282 static int clean_posix_shm(uid_t uid, gid_t gid) {
 283         _cleanup_closedir_ DIR *dir = NULL;
 284
 285         dir = opendir("/dev/shm");
 286         if (!dir) {
 287                 if (errno == ENOENT)
 288                         return 0;
 289
 290                 return log_warning_errno(errno, "Failed to open /dev/shm: %m");
 291         }
 292
 293         return clean_posix_shm_internal(dir, uid, gid);
 294 }
 295
 296 #if 0 /// UNNEEDED by elogind
 297 static int clean_posix_mq(uid_t uid, gid_t gid) {
 298         _cleanup_closedir_ DIR *dir = NULL;
 299         struct dirent *de;
 300         int ret = 0;
 301
 302         dir = opendir("/dev/mqueue");
 303         if (!dir) {
 304                 if (errno == ENOENT)
 305                         return 0;
 306
 307                 return log_warning_errno(errno, "Failed to open /dev/mqueue: %m");
 308         }
 309
 310         FOREACH_DIRENT_ALL(de, dir, goto fail) {
 311                 struct stat st;
 312                 char fn[1+strlen(de->d_name)+1];
 313
 314                 if (STR_IN_SET(de->d_name, "..", "."))
 315                         continue;
 316
 317                 if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {
 318                         if (errno == ENOENT)
 319                                 continue;
 320
 321                         ret = log_warning_errno(errno,
 322                                                 "Failed to stat() MQ segment %s: %m",
 323                                                 de->d_name);
 324                         continue;
 325                 }
 326
 327                 if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid))
 328                         continue;
 329
 330                 fn[0] = '/';
 331                 strcpy(fn+1, de->d_name);
 332
 333                 if (mq_unlink(fn) < 0) {
 334                         if (errno == ENOENT)
 335                                 continue;
 336
 337                         ret = log_warning_errno(errno,
 338                                                 "Failed to unlink POSIX message queue %s: %m",
 339                                                 fn);
 340                 } else
 341                         log_debug("Removed POSIX message queue %s", fn);
 342         }
 343
 344         return ret;
 345
 346 fail:
 347         return log_warning_errno(errno, "Failed to read /dev/mqueue: %m");
 348 }
 349 #endif // 0
 350
 351 int clean_ipc(uid_t uid, gid_t gid) {
 352         int ret = 0, r;
 353
 354         /* Anything to do? */
 355         if (!uid_is_valid(uid) && !gid_is_valid(gid))
 356                 return 0;
 357
 358         /* Refuse to clean IPC of the root user */
 359         if (uid == 0 && gid == 0)
 360                 return 0;
 361
 362         r = clean_sysvipc_shm(uid, gid);
 363         if (r < 0)
 364                 ret = r;
 365
 366         r = clean_sysvipc_sem(uid, gid);
 367         if (r < 0)
 368                 ret = r;
 369
 370         r = clean_sysvipc_msg(uid, gid);
 371         if (r < 0)
 372                 ret = r;
 373
 374         r = clean_posix_shm(uid, gid);
 375         if (r < 0)
 376                 ret = r;
 377
 378 #if 0 /// elogind does not use mq_open anywhere
 379         r = clean_posix_mq(uid, gid);
 380         if (r < 0)
 381                 ret = r;
 382 #endif // 0
 383
 384         return ret;
 385 }
 386
 387 int clean_ipc_by_uid(uid_t uid) {
 388         return clean_ipc(uid, GID_INVALID);
 389 }
 390
 391 #if 0 /// UNNEEDED by elogind
 392 int clean_ipc_by_gid(gid_t gid) {
 393         return clean_ipc(UID_INVALID, gid);
 394 }
 395 #endif // 0