X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fshared%2Futil.c;h=2aabd8d6346df41de2419754c4b56f56abd71979;hb=b7def684941808600c344f0be7a2b9fcdda97e0f;hp=041a63bb4baae8f070313daf806e22b007413afa;hpb=af6da548aa14c57da7f17b3a1f2211efdb811d19;p=elogind.git diff --git a/src/shared/util.c b/src/shared/util.c index 041a63bb4..2aabd8d63 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -54,6 +54,8 @@ #include #include #include +#include +#include #include "macro.h" #include "util.h" @@ -1081,7 +1083,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * if (h < 0) return h; - r = join("[", t, "]", NULL); + r = strjoin("[", t, "]", NULL); free(t); if (!r) @@ -2938,7 +2940,8 @@ int make_stdio(int fd) { int make_null_stdio(void) { int null_fd; - if ((null_fd = open("/dev/null", O_RDWR|O_NOCTTY)) < 0) + null_fd = open("/dev/null", O_RDWR|O_NOCTTY); + if (null_fd < 0) return -errno; return make_stdio(null_fd); @@ -3241,7 +3244,7 @@ int get_ctty(pid_t pid, dev_t *_devnr, char **r) { return 0; } -int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { +int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { DIR *d; int ret = 0; @@ -3333,18 +3336,61 @@ int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root return ret; } -int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) { - int fd; - int r; +int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { + struct statfs s; + + assert(fd >= 0); + + if (fstatfs(fd, &s) < 0) { + close_nointr_nofail(fd); + return -errno; + } + + /* We refuse to clean disk file systems with this call. This + * is extra paranoia just to be sure we never ever remove + * non-state data */ + + if (s.f_type != TMPFS_MAGIC && + s.f_type != RAMFS_MAGIC) { + log_error("Attempted to remove disk file system, and we can't allow that."); + close_nointr_nofail(fd); + return -EPERM; + } + + return rm_rf_children_dangerous(fd, only_dirs, honour_sticky, root_dev); +} + +static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bool honour_sticky, bool dangerous) { + int fd, r; + struct statfs s; assert(path); + /* We refuse to clean the root file system with this + * call. This is extra paranoia to never cause a really + * seriously broken system. */ + if (path_equal(path, "/")) { + log_error("Attempted to remove entire root file system, and we can't allow that."); + return -EPERM; + } + fd = open(path, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME); if (fd < 0) { if (errno != ENOTDIR) return -errno; + if (!dangerous) { + if (statfs(path, &s) < 0) + return -errno; + + if (s.f_type != TMPFS_MAGIC && + s.f_type != RAMFS_MAGIC) { + log_error("Attempted to remove disk file system, and we can't allow that."); + return -EPERM; + } + } + if (delete_root && !only_dirs) if (unlink(path) < 0 && errno != ENOENT) return -errno; @@ -3352,8 +3398,21 @@ int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky return 0; } - r = rm_rf_children(fd, only_dirs, honour_sticky, NULL); + if (!dangerous) { + if (fstatfs(fd, &s) < 0) { + close_nointr_nofail(fd); + return -errno; + } + if (s.f_type != TMPFS_MAGIC && + s.f_type != RAMFS_MAGIC) { + log_error("Attempted to remove disk file system, and we can't allow that."); + close_nointr_nofail(fd); + return -EPERM; + } + } + + r = rm_rf_children_dangerous(fd, only_dirs, honour_sticky, NULL); if (delete_root) { if (honour_sticky && file_is_priv_sticky(path) > 0) @@ -3368,6 +3427,14 @@ int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky return r; } +int rm_rf(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) { + return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, false); +} + +int rm_rf_dangerous(const char *path, bool only_dirs, bool delete_root, bool honour_sticky) { + return rm_rf_internal(path, only_dirs, delete_root, honour_sticky, true); +} + int chmod_and_chown(const char *path, mode_t mode, uid_t uid, gid_t gid) { assert(path); @@ -5078,7 +5145,7 @@ finish: return r; } -char *join(const char *x, ...) { +char *strjoin(const char *x, ...) { va_list ap; size_t l; char *r, *p; @@ -5735,9 +5802,24 @@ bool is_valid_documentation_url(const char *url) { bool in_initrd(void) { static int saved = -1; + struct statfs s; - if (saved < 0) - saved = access("/etc/initrd-release", F_OK) >= 0; + if (saved >= 0) + return saved; + + /* We make two checks here: + * + * 1. the flag file /etc/initrd-release must exist + * 2. the root file system must be a memory file system + * + * The second check is extra paranoia, since misdetecting an + * initrd can have bad bad consequences due the initrd + * emptying when transititioning to the main systemd. + */ + + saved = access("/etc/initrd-release", F_OK) >= 0 && + statfs("/", &s) >= 0 && + (s.f_type == TMPFS_MAGIC || s.f_type == RAMFS_MAGIC); return saved; } @@ -5763,3 +5845,23 @@ void warn_melody(void) { ioctl(fd, KIOCSOUND, 0); close_nointr_nofail(fd); } + +int make_console_stdio(void) { + int fd, r; + + /* Make /dev/console the controlling terminal and stdin/stdout/stderr */ + + fd = acquire_terminal("/dev/console", false, true, true, (usec_t) -1); + if (fd < 0) { + log_error("Failed to acquire terminal: %s", strerror(-fd)); + return fd; + } + + r = make_stdio(fd); + if (r < 0) { + log_error("Failed to duplicate terminal fd: %s", strerror(-r)); + return r; + } + + return 0; +}