vol_id: probe volume as user nobody

Signed-off-by: Kay Sievers <kay.sievers@suse.de>

diff --git a/extras/volume_id/libvolume_id/mac.c b/extras/volume_id/libvolume_id/mac.c
index 99bcbde6be8ecf34dbecac13f2c9dde309d65e1b..53f0761c8a86300a376db2486312f9b807f488d4 100644 (file)
--- a/extras/volume_id/libvolume_id/mac.c
+++ b/extras/volume_id/libvolume_id/mac.c
@@ -84,14 +84,15 @@ int volume_id_probe_mac_partition_map(struct volume_id *id, uint64_t off)
 
                part_count = be32_to_cpu(part->map_count);
                dbg("expecting %d partition entries", part_count);
 
                part_count = be32_to_cpu(part->map_count);
                dbg("expecting %d partition entries", part_count);

+               if (part_count < 1 || part_count > 256)
+                       return -1;

 
                if (id->partitions != NULL)
                        free(id->partitions);
 
                if (id->partitions != NULL)
                        free(id->partitions);

-               id->partitions =
-                       malloc(part_count * sizeof(struct volume_id_partition));
+               id->partitions = malloc(part_count * sizeof(struct volume_id_partition));

                if (id->partitions == NULL)
                        return -1;
                if (id->partitions == NULL)
                        return -1;

-               memset(id->partitions, 0x00, sizeof(struct volume_id_partition));
+               memset(id->partitions, 0x00, part_count * sizeof(struct volume_id_partition));

 
                id->partition_count = part_count;
 
 
                id->partition_count = part_count;
 

diff --git a/extras/volume_id/libvolume_id/volume_id.h b/extras/volume_id/libvolume_id/volume_id.h
index ad65fe5438cbec088192814a5b2abb04b13ca395..edeb225faf9551c30eab34e8c108eb8f91e1945d 100644 (file)
--- a/extras/volume_id/libvolume_id/volume_id.h
+++ b/extras/volume_id/libvolume_id/volume_id.h
@@ -14,7 +14,7 @@
 #include <stdint.h>
 #include <stddef.h>
 
 #include <stdint.h>
 #include <stddef.h>
 

-#define VOLUME_ID_VERSION              55
+#define VOLUME_ID_VERSION              56

 
 #define VOLUME_ID_LABEL_SIZE           64
 #define VOLUME_ID_UUID_SIZE            36
 
 #define VOLUME_ID_LABEL_SIZE           64
 #define VOLUME_ID_UUID_SIZE            36

diff --git a/extras/volume_id/vol_id.c b/extras/volume_id/vol_id.c
index a291eda51d5db44a1e88df7f290793af9d1d2315..6961969c13f63e466638398d537058136cb21108 100644 (file)
--- a/extras/volume_id/vol_id.c
+++ b/extras/volume_id/vol_id.c
@@ -27,6 +27,7 @@
 #include <unistd.h>
 #include <string.h>
 #include <ctype.h>
 #include <unistd.h>
 #include <string.h>
 #include <ctype.h>

+#include <grp.h>

 #include <sys/ioctl.h>
 
 #include "../../udev.h"
 #include <sys/ioctl.h>
 
 #include "../../udev.h"


@@ -110,6 +111,8 @@ int main(int argc, char *argv[])
        int i;
        uint64_t size;
        const char *node = NULL;
        int i;
        uint64_t size;
        const char *node = NULL;

+       uid_t nobody_uid;
+       gid_t nobody_gid;

        int rc = 0;
 
        logging_init("vol_id");
        int rc = 0;
 
        logging_init("vol_id");


@@ -146,12 +149,24 @@ int main(int argc, char *argv[])
                size = 0;
        dbg("BLKGETSIZE64=%llu", size);
 
                size = 0;
        dbg("BLKGETSIZE64=%llu", size);
 

+       /* drop all privileges */
+       nobody_uid = lookup_user("nobody");
+       nobody_gid = lookup_group("nogroup");
+       if (nobody_uid > 0 && nobody_gid > 0) {
+               if (setgroups(0, NULL) != 0 ||
+                   setgid(nobody_gid) != 0 ||
+                   setuid(nobody_uid) != 0) {
+                       rc = 3;
+                       goto exit;
+               }
+       }
+

        if (volume_id_probe_all(vid, 0, size) == 0)
                goto print;
 
        if (print != PRINT_EXPORT)
                fprintf(stderr, "%s: unknown volume type\n", node);
        if (volume_id_probe_all(vid, 0, size) == 0)
                goto print;
 
        if (print != PRINT_EXPORT)
                fprintf(stderr, "%s: unknown volume type\n", node);

-       rc = 3;
+       rc = 4;

        goto exit;
 
 print:
        goto exit;
 
 print: