Changes in trunk/src/sh_suidchk.c [30:19]
- File:
-
- 1 edited
-
trunk/src/sh_suidchk.c (modified) (13 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/sh_suidchk.c
r30 r19 415 415 long sl_status = SL_ENONE; 416 416 struct stat fileInfo; 417 struct stat fileInfo_F;418 int file_d;419 417 420 418 file_type theFile; 421 419 char fileHash[2*(KEY_LEN + 1)]; 422 423 mode_t umask_old;424 int cperm_status;425 420 426 421 SL_ENTER(_("sh_suidchk_check_internal")); … … 524 519 */ 525 520 fs = filesystem_type (tmpcat, tmpcat, &buf); 526 if (fs != NULL 527 #ifndef SH_SUIDTESTDIR 528 && 529 0 != strncmp (_("afs"), fs, 3) && 521 if (fs != NULL && 522 0 != strncmp (_("nfs"), fs, 3) && 523 0 != strncmp (_("proc"), fs, 4) && 524 0 != strncmp (_("iso9660"), fs, 7) && 525 0 != strncmp (_("vfat"), fs, 4) && 526 0 != strncmp (_("msdos"), fs, 5) && 530 527 0 != strncmp (_("devfs"), fs, 5) && 531 0 != strncmp (_("iso9660"), fs, 7) && 532 0 != strncmp (_("lustre"), fs, 6) && 533 0 != strncmp (_("mmfs"), fs, 4) && 534 0 != strncmp (_("msdos"), fs, 5) && 535 0 != strncmp (_("nfs"), fs, 3) && 536 0 != strncmp (_("nosuid"), fs, 6) && 537 0 != strncmp (_("proc"), fs, 4) && 538 0 != strncmp (_("vfat"), fs, 4) 539 #endif 528 0 != strncmp (_("nosuid"), fs, 6) 540 529 ) 541 530 { … … 677 666 break; 678 667 case SH_Q_CHANGEPERM: 679 cperm_status = 0;680 file_d = -1;681 668 if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) 682 669 { … … 690 677 tmp ); 691 678 SH_FREE(msg); 692 cperm_status = -1;693 679 } 694 695 if (cperm_status == 0) 680 else 696 681 { 697 682 if (0 != (caperr = sl_get_cap_qdel())) … … 701 686 sh_error_message (caperr), 702 687 _("sl_get_cap_qdel")); 703 cperm_status = -1;704 688 } 705 } 706 707 if (cperm_status == 0) 708 { 709 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 710 tmpcat, O_RDONLY, 0); 711 if (-1 == file_d) 712 { 713 status = errno; 714 msg = SH_ALLOC(SH_BUFSIZE); 715 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 716 sh_error_handle (ShSuidchkSeverity, 717 FIL__, __LINE__, 718 status, 719 MSG_SUID_QREPORT, msg, 720 tmp ); 721 SH_FREE(msg); 722 cperm_status = -1; 723 } 724 } 725 726 if (cperm_status == 0) 727 { 728 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 729 { 730 status = errno; 731 msg = SH_ALLOC(SH_BUFSIZE); 732 (void) sl_snprintf(msg, SH_BUFSIZE, 733 _("I/O error. errno = %ld"), status); 734 sh_error_handle (ShSuidchkSeverity, 735 FIL__, __LINE__, 736 status, 737 MSG_SUID_QREPORT, msg, 738 tmp ); 739 SH_FREE(msg); 740 cperm_status = -1; 741 } 742 } 743 744 if (cperm_status == 0) 745 { 746 if (fileInfo_F.st_ino != fileInfo.st_ino || 747 fileInfo_F.st_dev != fileInfo.st_dev || 748 fileInfo_F.st_mode != fileInfo.st_mode) 749 { 750 status = errno; 751 msg = SH_ALLOC(SH_BUFSIZE); 752 (void) sl_snprintf(msg, SH_BUFSIZE, 753 _("Race detected. errno = %ld"), status); 754 sh_error_handle (ShSuidchkSeverity, 755 FIL__, __LINE__, 756 status, 757 MSG_SUID_QREPORT, msg, 758 tmp ); 759 SH_FREE(msg); 760 cperm_status = -1; 761 } 762 } 763 764 if ((fileInfo.st_mode & S_ISUID) > 0) 765 fileInfo.st_mode -= S_ISUID; 766 if ((fileInfo.st_mode & S_ISGID) > 0) 767 fileInfo.st_mode -= S_ISGID; 768 769 if (cperm_status == 0) 770 { 771 if (fchmod(file_d, fileInfo.st_mode) == -1) 689 690 if ((fileInfo.st_mode & S_ISUID) > 0) 691 fileInfo.st_mode -= S_ISUID; 692 if ((fileInfo.st_mode & S_ISGID) > 0) 693 fileInfo.st_mode -= S_ISGID; 694 if (chmod(tmpcat, fileInfo.st_mode) == -1) 772 695 { 773 696 status = errno; … … 790 713 tmp ); 791 714 } 792 } 793 794 if (0 != (caperr = sl_drop_cap_qdel())) 795 { 796 sh_error_handle((-1), FIL__, __LINE__, 797 caperr, MSG_E_SUBGEN, 798 sh_error_message (caperr), 799 _("sl_drop_cap_qdel")); 800 } 801 802 if (file_d != -1) 803 { 804 do { 805 status = close (file_d); 806 } while (status == -1 && errno == EINTR); 807 808 if (-1 == status) 715 if (0 != (caperr = sl_drop_cap_qdel())) 809 716 { 810 status = errno; 811 msg = SH_ALLOC(SH_BUFSIZE); 812 (void) sl_snprintf(msg, SH_BUFSIZE, 813 _("I/O error. errno = %ld"), status); 814 sh_error_handle (ShSuidchkSeverity, 815 FIL__, __LINE__, 816 status, 817 MSG_SUID_QREPORT, msg, 818 tmp ); 819 SH_FREE(msg); 820 cperm_status = -1; 717 sh_error_handle((-1), FIL__, __LINE__, 718 caperr, MSG_E_SUBGEN, 719 sh_error_message (caperr), 720 _("sl_drop_cap_qdel")); 821 721 } 822 722 } … … 825 725 dir = SH_ALLOC(PATH_MAX+1); 826 726 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 827 if ( retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0)727 if (access (dir, F_OK) != 0) 828 728 { 829 729 status = errno; 830 730 msg = SH_ALLOC(SH_BUFSIZE); 831 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld ( stat)"), status);731 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (access)"), status); 832 732 sh_error_handle (ShSuidchkSeverity, 833 733 FIL__, __LINE__, … … 915 815 DEFAULT_QDIR, 916 816 basename(theFile.fullpath)); 917 /*918 * avoid chmod by setting umask919 */920 umask_old = umask (0077);921 817 filePtr = fopen (filetmp, "w+"); 922 818 /*@-usedef@*/ … … 932 828 } 933 829 /*@+usedef@*/ 934 umask (umask_old);935 830 936 831 sh_error_handle (ShSuidchkSeverity, … … 939 834 _("Quarantine method applied"), 940 835 tmp ); 836 if (chmod(filetmp, S_IRUSR | S_IWUSR) == -1) 837 { 838 status = errno; 839 msg = SH_ALLOC(SH_BUFSIZE); 840 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem setting permissions on quarantined file. errno = %ld"), status); 841 sh_error_handle (ShSuidchkSeverity, 842 FIL__,__LINE__, 843 status, MSG_SUID_QREPORT, 844 msg, tmp ); 845 SH_FREE(msg); 846 } 941 847 } 942 848 SH_FREE(filetmp); … … 1070 976 FileLimTotal = 0; 1071 977 1072 #ifdef SH_SUIDTESTDIR1073 status = sh_suidchk_check_internal (SH_SUIDTESTDIR);1074 #else1075 978 status = sh_suidchk_check_internal ("/"); 1076 #endif1077 979 1078 980 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, … … 1267 1169 long val; 1268 1170 int ret = 0; 1269 struct stat buf;1270 1171 1271 1172 SL_ENTER(_("sh_suidchk_set_qmethod")); … … 1289 1190 break; 1290 1191 case SH_Q_MOVE: 1291 if ( retry_stat (FIL__, __LINE__, DEFAULT_QDIR, &buf) != 0)1192 if (access (DEFAULT_QDIR, F_OK) != 0) 1292 1193 { 1293 1194 if (mkdir (DEFAULT_QDIR, 0750) == -1)
Note:
See TracChangeset
for help on using the changeset viewer.
