Changeset 253
- Timestamp:
- Oct 25, 2009, 9:11:25 AM (15 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
-
include/sh_modules.h (modified) (1 diff)
-
src/sh_portcheck.c (modified) (2 diffs)
-
src/sh_processcheck.c (modified) (1 diff)
-
src/sh_suidchk.c (modified) (95 diffs)
-
src/sh_unix.c (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/include/sh_modules.h
r140 r253 26 26 27 27 /* The check function. Return 0 on success. */ 28 /* Return nonzero on fatal error or if module is disabled. */ 28 29 int (* mod_check) (void); 29 30 -
trunk/src/sh_portcheck.c
r252 r253 1618 1618 if (sh_portchk_active != S_FALSE) 1619 1619 { 1620 #ifdef SL_DEBUG 1621 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1622 _("Checking for open ports"), 1623 _("sh_portchk_check")); 1624 #else 1625 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1626 _("Checking for open ports"), 1627 _("sh_portchk_check")); 1628 #endif 1629 1620 1630 sh_portchk_reset_lists(); 1621 1631 if (0 != geteuid()) … … 1627 1637 SH_MUTEX_LOCK(mutex_thread_nolog); 1628 1638 sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN, 1629 _("not scanning ports below 1024"), _("sh_portchk_check")); 1639 _("not scanning ports below 1024"), 1640 _("sh_portchk_check")); 1630 1641 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1631 1642 #endif -
trunk/src/sh_processcheck.c
r252 r253 1360 1360 { 1361 1361 SH_MUTEX_LOCK(mutex_thread_nolog); 1362 #ifdef SL_DEBUG 1363 sh_error_handle(SH_ERR_NOTICE, FIL__, __LINE__, 0, MSG_PCK_CHECK, 1364 (unsigned long) sh_prochk_minpid, 1365 (unsigned long) (sh_prochk_maxpid-1)); 1366 #else 1362 1367 sh_error_handle((-1), FIL__, __LINE__, 0, MSG_PCK_CHECK, 1363 1368 (unsigned long) sh_prochk_minpid, 1364 1369 (unsigned long) (sh_prochk_maxpid-1)); 1370 #endif 1365 1371 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1366 1372 -
trunk/src/sh_suidchk.c
r252 r253 163 163 #endif 164 164 165 SH_MUTEX_STATIC(mutex_suid_check, PTHREAD_MUTEX_INITIALIZER); 166 165 167 extern unsigned long sh_files_maskof (int class); 166 168 … … 202 204 if (depth > 99) 203 205 { 206 SH_MUTEX_LOCK(mutex_thread_nolog); 204 207 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 205 208 MSG_SUID_ERROR, 206 209 _("do_truncate: max depth 99 exceeded")); 210 SH_MUTEX_UNLOCK(mutex_thread_nolog); 207 211 return -1; 208 212 } … … 210 214 if (path[0] != '/') 211 215 { 216 SH_MUTEX_LOCK(mutex_thread_nolog); 212 217 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 213 218 MSG_SUID_ERROR, 214 219 _("do_truncate: not an absolute path")); 220 SH_MUTEX_UNLOCK(mutex_thread_nolog); 215 221 return -1; 216 222 } … … 222 228 if (0 != retry_lstat(FIL__, __LINE__, path, &one)) 223 229 { 230 SH_MUTEX_LOCK(mutex_thread_nolog); 224 231 sh_error_handle ((-1), FIL__, __LINE__, errno, 225 232 MSG_SUID_ERROR, 226 233 sh_error_message(errno, errbuf, sizeof(errbuf))); 234 SH_MUTEX_UNLOCK(mutex_thread_nolog); 227 235 *q = '/'; 228 236 return -1; … … 231 239 232 240 { 241 SH_MUTEX_LOCK(mutex_thread_nolog); 233 242 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 234 243 MSG_SUID_ERROR, 235 244 _("Possible race: not a directory")); 245 SH_MUTEX_UNLOCK(mutex_thread_nolog); 236 246 *q = '/'; 237 247 return -1; … … 241 251 if (0 != chdir(path)) 242 252 { 253 SH_MUTEX_LOCK(mutex_thread_nolog); 243 254 sh_error_handle ((-1), FIL__, __LINE__, errno, 244 255 MSG_SUID_ERROR, 245 256 sh_error_message(errno, errbuf, sizeof(errbuf))); 257 SH_MUTEX_UNLOCK(mutex_thread_nolog); 246 258 *q = '/'; 247 259 return -1; … … 259 271 (!S_ISDIR(two.st_mode))/*@+usedef@*/) 260 272 { 273 SH_MUTEX_LOCK(mutex_thread_nolog); 261 274 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 262 275 MSG_SUID_ERROR, 263 276 _("Possible race: lstat(dir) != lstat(.)")); 277 SH_MUTEX_UNLOCK(mutex_thread_nolog); 264 278 return -1; 265 279 } … … 276 290 if (0 != retry_lstat(FIL__, __LINE__, path, &one)) 277 291 { 292 SH_MUTEX_LOCK(mutex_thread_nolog); 278 293 sh_error_handle ((-1), FIL__, __LINE__, errno, 279 294 MSG_SUID_ERROR, 280 295 sh_error_message(errno, errbuf, sizeof(errbuf))); 296 SH_MUTEX_UNLOCK(mutex_thread_nolog); 281 297 return -1; 282 298 } … … 284 300 if (-1 == fd) 285 301 { 302 SH_MUTEX_LOCK(mutex_thread_nolog); 286 303 sh_error_handle ((-1), FIL__, __LINE__, errno, 287 304 MSG_SUID_ERROR, 288 305 sh_error_message(errno, errbuf, sizeof(errbuf))); 306 SH_MUTEX_UNLOCK(mutex_thread_nolog); 289 307 return -1; 290 308 } 291 309 if (0 != retry_fstat(FIL__, __LINE__, fd, &two)) 292 310 { 311 SH_MUTEX_LOCK(mutex_thread_nolog); 293 312 sh_error_handle ((-1), FIL__, __LINE__, errno, 294 313 MSG_SUID_ERROR, 295 314 sh_error_message(errno, errbuf, sizeof(errbuf))); 315 SH_MUTEX_UNLOCK(mutex_thread_nolog); 296 316 (void) sl_close_fd(FIL__, __LINE__, fd); 297 317 return -1; … … 300 320 (one.st_ino != two.st_ino)/*@+usedef@*/) 301 321 { 322 SH_MUTEX_LOCK(mutex_thread_nolog); 302 323 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 303 324 MSG_SUID_ERROR, 304 325 _("Possible race: lstat != fstat")); 326 SH_MUTEX_UNLOCK(mutex_thread_nolog); 305 327 (void) sl_close_fd(FIL__, __LINE__, fd); 306 328 return -1; … … 308 330 if (!S_ISREG(two.st_mode)) 309 331 { 332 SH_MUTEX_LOCK(mutex_thread_nolog); 310 333 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 311 334 MSG_SUID_ERROR, 312 335 _("Possible race: not a regular file")); 336 SH_MUTEX_UNLOCK(mutex_thread_nolog); 313 337 (void) sl_close_fd(FIL__, __LINE__, fd); 314 338 return -1; … … 316 340 if ((0 == (two.st_mode & S_ISUID)) && (0 == (two.st_mode & S_ISGID))) 317 341 { 342 SH_MUTEX_LOCK(mutex_thread_nolog); 318 343 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 319 344 MSG_SUID_ERROR, 320 345 _("Possible race: not a suid/sgid file")); 346 SH_MUTEX_UNLOCK(mutex_thread_nolog); 321 347 (void) sl_close_fd(FIL__, __LINE__, fd); 322 348 return -1; … … 331 357 if (-1 == /*@-unrecog@*/fchmod(fd, two.st_mode)/*@+unrecog@*/) 332 358 { 359 SH_MUTEX_LOCK(mutex_thread_nolog); 333 360 sh_error_handle ((-1), FIL__, __LINE__, errno, 334 361 MSG_SUID_ERROR, 335 362 sh_error_message(errno, errbuf, sizeof(errbuf))); 363 SH_MUTEX_UNLOCK(mutex_thread_nolog); 336 364 (void) sl_close_fd(FIL__, __LINE__, fd); 337 365 return -1; 338 366 } 339 367 #else 368 SH_MUTEX_LOCK(mutex_thread_nolog); 340 369 sh_error_handle ((-1), FIL__, __LINE__, errno, 341 370 MSG_SUID_ERROR, 342 371 _("The fchmod() function is not available")); 372 SH_MUTEX_UNLOCK(mutex_thread_nolog); 343 373 (void) sl_close_fd(FIL__, __LINE__, fd); 344 374 return -1; … … 346 376 if (two.st_nlink > 1) 347 377 { 378 SH_MUTEX_LOCK(mutex_thread_nolog); 348 379 sh_error_handle ((-1), FIL__, __LINE__, 0, 349 380 MSG_SUID_ERROR, 350 381 _("Not truncated because hardlink count gt 1")); 382 SH_MUTEX_UNLOCK(mutex_thread_nolog); 351 383 (void) sl_close_fd(FIL__, __LINE__, fd); 352 384 return -1; … … 356 388 if (-1 == /*@-unrecog@*/ftruncate(fd, 0)/*@+unrecog@*/) 357 389 { 390 SH_MUTEX_LOCK(mutex_thread_nolog); 358 391 sh_error_handle ((-1), FIL__, __LINE__, errno, 359 392 MSG_SUID_ERROR, 360 393 sh_error_message(errno, errbuf, sizeof(errbuf))); 394 SH_MUTEX_UNLOCK(mutex_thread_nolog); 361 395 (void) sl_close_fd(FIL__, __LINE__, fd); 362 396 return -1; … … 367 401 if (-1 == retry_aud_unlink(FIL__, __LINE__, path)) 368 402 { 403 SH_MUTEX_LOCK(mutex_thread_nolog); 369 404 sh_error_handle ((-1), FIL__, __LINE__, errno, 370 405 MSG_SUID_ERROR, 371 406 sh_error_message(errno, errbuf, sizeof(errbuf))); 407 SH_MUTEX_UNLOCK(mutex_thread_nolog); 372 408 (void) sl_close_fd(FIL__, __LINE__, fd); 373 409 return -1; … … 381 417 static int do_truncate (const char * path_in) 382 418 { 383 int caperr;419 volatile int caperr; 384 420 int result; 385 421 char * path; … … 388 424 if (0 != chdir("/")) 389 425 { 426 SH_MUTEX_LOCK(mutex_thread_nolog); 390 427 sh_error_handle ((-1), FIL__, __LINE__, errno, 391 428 MSG_SUID_ERROR, 392 429 sh_error_message(errno, errbuf, sizeof(errbuf))); 430 SH_MUTEX_UNLOCK(mutex_thread_nolog); 393 431 } 394 432 395 433 if (0 != (caperr = sl_get_cap_qdel())) 396 434 { 435 SH_MUTEX_LOCK(mutex_thread_nolog); 397 436 sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, 398 437 sh_error_message (caperr, errbuf, sizeof(errbuf)), 399 438 _("sl_get_cap_qdel")); 439 SH_MUTEX_UNLOCK(mutex_thread_nolog); 400 440 } 401 441 … … 406 446 if (0 != (caperr = sl_drop_cap_qdel())) 407 447 { 448 SH_MUTEX_LOCK(mutex_thread_nolog); 408 449 sh_error_handle((-1), FIL__, __LINE__, caperr, MSG_E_SUBGEN, 409 450 sh_error_message (caperr, errbuf, sizeof(errbuf)), 410 451 _("sl_drop_cap_qdel")); 452 SH_MUTEX_UNLOCK(mutex_thread_nolog); 411 453 } 412 454 413 455 if (0 != chdir("/")) 414 456 { 457 SH_MUTEX_LOCK(mutex_thread_nolog); 415 458 sh_error_handle ((-1), FIL__, __LINE__, errno, 416 459 MSG_SUID_ERROR, 417 460 sh_error_message(errno, errbuf, sizeof(errbuf))); 461 SH_MUTEX_UNLOCK(mutex_thread_nolog); 418 462 } 419 463 return result; 420 464 } 465 466 /* This variable is not used anywhere. It only exists 467 * to assign &dirlist to it, which keeps gcc from 468 * putting it into a register, and avoids the 'clobbered 469 * by longjmp' warning. And no, 'volatile' proved insufficient. 470 */ 471 static void * sh_dummy_tmp = NULL; 421 472 422 473 static void sh_q_delete(const char * fullpath) … … 426 477 char * tmp; 427 478 479 /* Take the address to keep gcc from putting it into a register. 480 * Avoids the 'clobbered by longjmp' warning. 481 */ 482 sh_dummy_tmp = (void*) &tmp; 483 428 484 if (do_truncate (fullpath) == -1) 429 485 { … … 435 491 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 436 492 status); 493 SH_MUTEX_LOCK(mutex_thread_nolog); 437 494 sh_error_handle (ShSuidchkSeverity, 438 495 FIL__, __LINE__, … … 440 497 MSG_SUID_QREPORT, msg, 441 498 tmp ); 499 SH_MUTEX_UNLOCK(mutex_thread_nolog); 442 500 SH_FREE(tmp); 443 501 SH_FREE(msg); … … 446 504 { 447 505 tmp = sh_util_safe_name(fullpath); 506 SH_MUTEX_LOCK(mutex_thread_nolog); 448 507 sh_error_handle (ShSuidchkSeverity, 449 508 FIL__, __LINE__, 0, … … 451 510 _("Quarantine method applied"), 452 511 tmp ); 512 SH_MUTEX_UNLOCK(mutex_thread_nolog); 453 513 SH_FREE(tmp); 454 514 } 455 515 return; 456 516 } 517 518 /* This variable is not used anywhere. It only exists 519 * to assign &dirlist to it, which keeps gcc from 520 * putting it into a register, and avoids the 'clobbered 521 * by longjmp' warning. And no, 'volatile' proved insufficient. 522 */ 523 static void * sh_dummy_mtmp = NULL; 524 static void * sh_dummy_mmsg = NULL; 457 525 458 526 static void sh_q_move(const char * fullpath, file_type * theFile, … … 460 528 const char * timestrm) 461 529 { 462 intstatus;530 volatile int status; 463 531 int readFile = -1; 464 intwriteFile = -1;532 volatile int writeFile = -1; 465 533 struct stat fileInfo; 466 534 ssize_t count; … … 474 542 FILE * filePtr = NULL; 475 543 544 /* Take the address to keep gcc from putting it into a register. 545 * Avoids the 'clobbered by longjmp' warning. 546 */ 547 sh_dummy_mtmp = (void*) &tmp; 548 sh_dummy_mmsg = (void*) &msg; 549 476 550 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 477 551 … … 487 561 _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), 488 562 status); 563 SH_MUTEX_LOCK(mutex_thread_nolog); 489 564 sh_error_handle (ShSuidchkSeverity, 490 565 FIL__, __LINE__, … … 492 567 MSG_SUID_QREPORT, msg, 493 568 tmp ); 569 SH_MUTEX_UNLOCK(mutex_thread_nolog); 494 570 SH_FREE(tmp); 495 571 SH_FREE(msg); … … 505 581 506 582 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); 583 SH_MUTEX_LOCK(mutex_thread_nolog); 507 584 sh_error_handle (ShSuidchkSeverity, 508 585 FIL__, __LINE__, … … 510 587 MSG_SUID_QREPORT, 511 588 msg, tmp ); 589 SH_MUTEX_UNLOCK(mutex_thread_nolog); 512 590 SH_FREE(tmp); 513 591 SH_FREE(msg); … … 535 613 536 614 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); 615 SH_MUTEX_LOCK(mutex_thread_nolog); 537 616 sh_error_handle (ShSuidchkSeverity, 538 617 FIL__, __LINE__, status, 539 618 MSG_SUID_QREPORT, 540 619 msg, tmp ); 620 SH_MUTEX_UNLOCK(mutex_thread_nolog); 541 621 SH_FREE(tmp); 542 622 SH_FREE(msg); … … 556 636 (void) sl_snprintf(msg, SH_BUFSIZE, 557 637 _("I/O error. errno = %ld (write)"), status); 638 SH_MUTEX_LOCK(mutex_thread_nolog); 558 639 sh_error_handle (ShSuidchkSeverity, 559 640 FIL__, … … 562 643 MSG_SUID_QREPORT, 563 644 msg, tmp ); 645 SH_MUTEX_UNLOCK(mutex_thread_nolog); 564 646 SH_FREE(tmp); 565 647 SH_FREE(msg); … … 581 663 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 582 664 status); 665 SH_MUTEX_LOCK(mutex_thread_nolog); 583 666 sh_error_handle (ShSuidchkSeverity, 584 667 FIL__, __LINE__, status, 585 668 MSG_SUID_QREPORT, 586 669 msg, tmp ); 670 SH_MUTEX_UNLOCK(mutex_thread_nolog); 587 671 SH_FREE(tmp); 588 672 SH_FREE(msg); … … 619 703 620 704 tmp = sh_util_safe_name(fullpath); 705 SH_MUTEX_LOCK(mutex_thread_nolog); 621 706 sh_error_handle (ShSuidchkSeverity, 622 707 FIL__,__LINE__, … … 624 709 _("Quarantine method applied"), 625 710 tmp ); 711 SH_MUTEX_UNLOCK(mutex_thread_nolog); 626 712 SH_FREE(tmp); 627 713 } … … 633 719 } 634 720 721 /* This variable is not used anywhere. It only exists 722 * to assign &dirlist to it, which keeps gcc from 723 * putting it into a register, and avoids the 'clobbered 724 * by longjmp' warning. And no, 'volatile' proved insufficient. 725 */ 726 static void * sh_dummy_ctmp = NULL; 727 static void * sh_dummy_cmsg = NULL; 728 635 729 static void sh_q_changeperm(const char * fullpath) 636 730 { 637 intcaperr;638 intstatus;731 volatile int caperr; 732 volatile int status; 639 733 char * msg; 640 734 char * tmp; … … 642 736 struct stat fileInfo_F; 643 737 int cperm_status = 0; 644 intfile_d = -1;738 volatile int file_d = -1; 645 739 char errbuf[SH_ERRBUF_SIZE]; 740 741 /* Take the address to keep gcc from putting it into a register. 742 * Avoids the 'clobbered by longjmp' warning. 743 */ 744 sh_dummy_ctmp = (void*) &tmp; 745 sh_dummy_cmsg = (void*) &msg; 646 746 647 747 if (retry_lstat(FIL__, __LINE__, fullpath, &fileInfo) == -1) … … 652 752 653 753 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 754 SH_MUTEX_LOCK(mutex_thread_nolog); 654 755 sh_error_handle (ShSuidchkSeverity, 655 756 FIL__, __LINE__, … … 657 758 MSG_SUID_QREPORT, msg, 658 759 tmp ); 760 SH_MUTEX_UNLOCK(mutex_thread_nolog); 659 761 SH_FREE(tmp); 660 762 SH_FREE(msg); … … 666 768 if (0 != (caperr = sl_get_cap_qdel())) 667 769 { 770 SH_MUTEX_LOCK(mutex_thread_nolog); 668 771 sh_error_handle((-1), FIL__, __LINE__, 669 772 caperr, MSG_E_SUBGEN, 670 773 sh_error_message (caperr, errbuf, sizeof(errbuf)), 671 774 _("sl_get_cap_qdel")); 775 SH_MUTEX_UNLOCK(mutex_thread_nolog); 672 776 cperm_status = -1; 673 777 } … … 685 789 686 790 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 791 SH_MUTEX_LOCK(mutex_thread_nolog); 687 792 sh_error_handle (ShSuidchkSeverity, 688 793 FIL__, __LINE__, … … 690 795 MSG_SUID_QREPORT, msg, 691 796 tmp ); 797 SH_MUTEX_UNLOCK(mutex_thread_nolog); 692 798 SH_FREE(tmp); 693 799 SH_FREE(msg); … … 706 812 (void) sl_snprintf(msg, SH_BUFSIZE, 707 813 _("I/O error. errno = %ld"), status); 814 SH_MUTEX_LOCK(mutex_thread_nolog); 708 815 sh_error_handle (ShSuidchkSeverity, 709 816 FIL__, __LINE__, … … 711 818 MSG_SUID_QREPORT, msg, 712 819 tmp ); 820 SH_MUTEX_UNLOCK(mutex_thread_nolog); 713 821 SH_FREE(tmp); 714 822 SH_FREE(msg); … … 729 837 (void) sl_snprintf(msg, SH_BUFSIZE, 730 838 _("Race detected. errno = %ld"), status); 839 SH_MUTEX_LOCK(mutex_thread_nolog); 731 840 sh_error_handle (ShSuidchkSeverity, 732 841 FIL__, __LINE__, … … 734 843 MSG_SUID_QREPORT, msg, 735 844 tmp ); 845 SH_MUTEX_UNLOCK(mutex_thread_nolog); 736 846 SH_FREE(tmp); 737 847 SH_FREE(msg); … … 756 866 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 757 867 status); 868 SH_MUTEX_LOCK(mutex_thread_nolog); 758 869 sh_error_handle (ShSuidchkSeverity, 759 870 FIL__, __LINE__, … … 761 872 MSG_SUID_QREPORT, 762 873 msg, tmp ); 874 SH_MUTEX_UNLOCK(mutex_thread_nolog); 763 875 SH_FREE(tmp); 764 876 SH_FREE(msg); … … 767 879 { 768 880 tmp = sh_util_safe_name(fullpath); 881 SH_MUTEX_LOCK(mutex_thread_nolog); 769 882 sh_error_handle (ShSuidchkSeverity, 770 883 FIL__, __LINE__, … … 773 886 _("Quarantine method applied"), 774 887 tmp ); 888 SH_MUTEX_UNLOCK(mutex_thread_nolog); 775 889 SH_FREE(tmp); 776 890 } … … 779 893 if (0 != (caperr = sl_drop_cap_qdel())) 780 894 { 895 SH_MUTEX_LOCK(mutex_thread_nolog); 781 896 sh_error_handle((-1), FIL__, __LINE__, 782 897 caperr, MSG_E_SUBGEN, 783 898 sh_error_message (caperr, errbuf, sizeof(errbuf)), 784 899 _("sl_drop_cap_qdel")); 900 SH_MUTEX_UNLOCK(mutex_thread_nolog); 785 901 } 786 902 … … 799 915 (void) sl_snprintf(msg, SH_BUFSIZE, 800 916 _("I/O error. errno = %ld"), status); 917 SH_MUTEX_LOCK(mutex_thread_nolog); 801 918 sh_error_handle (ShSuidchkSeverity, 802 919 FIL__, __LINE__, … … 804 921 MSG_SUID_QREPORT, msg, 805 922 tmp ); 923 SH_MUTEX_UNLOCK(mutex_thread_nolog); 806 924 SH_FREE(tmp); 807 925 SH_FREE(msg); … … 836 954 /*@+usedef@*/ 837 955 956 SH_MUTEX_LOCK(mutex_thread_nolog); 838 957 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 839 958 0, MSG_SUID_POLICY, 840 959 _("suid/sgid file not in database"), 841 960 tmp, msg ); 961 SH_MUTEX_UNLOCK(mutex_thread_nolog); 842 962 SH_FREE(tmp); 843 963 SH_FREE(msg); 844 964 return; 845 965 } 966 967 /* This variable is not used anywhere. It only exists 968 * to assign &dirlist to it, which keeps gcc from 969 * putting it into a register, and avoids the 'clobbered 970 * by longjmp' warning. And no, 'volatile' proved insufficient. 971 */ 972 static void * sh_dummy_dirlist = NULL; 973 static void * sh_dummy_itmp = NULL; 974 846 975 847 976 static … … 856 985 char timestrm[32]; 857 986 struct stat buf; 858 intstatus;987 volatile int status; 859 988 int fflags; 860 989 char * fs; 861 longsl_status;990 volatile long sl_status; 862 991 file_type * theFile = NULL; 863 992 char fileHash[2*(KEY_LEN + 1)]; … … 869 998 SL_ENTER(_("sh_suidchk_check_internal")); 870 999 1000 /* Take the address to keep gcc from putting it into a register. 1001 * Avoids the 'clobbered by longjmp' warning. 1002 */ 1003 sh_dummy_dirlist = (void*) &dirlist; 1004 sh_dummy_itmp = (void*) &tmp; 1005 871 1006 if (iname == NULL) 872 1007 { … … 885 1020 status = errno; 886 1021 tmp = sh_util_safe_name(iname); 1022 SH_MUTEX_LOCK(mutex_thread_nolog); 887 1023 sh_error_handle (ShDFLevel[SH_ERR_T_DIR], FIL__, __LINE__, status, 888 1024 MSG_E_OPENDIR, 889 1025 sh_error_message (status, errbuf, sizeof(errbuf)), tmp); 1026 SH_MUTEX_UNLOCK(mutex_thread_nolog); 890 1027 SH_FREE(tmp); 891 1028 SL_RETURN( (-1), _("sh_suidchk_check_internal")); … … 954 1091 { 955 1092 tmp = sh_util_safe_name(tmpcat); 1093 SH_MUTEX_LOCK(mutex_thread_nolog); 956 1094 sh_error_handle ((-1), FIL__, __LINE__, (int) sl_status, 957 1095 MSG_E_SUBGPATH, 958 1096 _("path too long"), 959 1097 _("sh_suidchk_check_internal"), tmp ); 1098 SH_MUTEX_UNLOCK(mutex_thread_nolog); 960 1099 SH_FREE(tmp); 961 1100 SH_FREE(tmpcat); … … 985 1124 if (status != 0) 986 1125 { 987 int elevel = SH_ERR_ERR;1126 volatile int elevel = SH_ERR_ERR; 988 1127 size_t tlen; 989 1128 … … 993 1132 if (tlen >= 6 && 0 == strcmp(&tmp[tlen-6], _("/.gvfs"))) 994 1133 elevel = SH_ERR_NOTICE; 1134 SH_MUTEX_LOCK(mutex_thread_nolog); 995 1135 sh_error_handle (elevel, FIL__, __LINE__, status, MSG_ERR_LSTAT, 996 1136 sh_error_message(status, errbuf, sizeof(errbuf)), 997 1137 tmp ); 1138 SH_MUTEX_UNLOCK(mutex_thread_nolog); 998 1139 SH_FREE(tmp); 999 1140 } … … 1058 1199 if (status != 0) 1059 1200 { 1201 SH_MUTEX_LOCK(mutex_thread_nolog); 1060 1202 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 1061 1203 0, MSG_E_SUBGPATH, … … 1063 1205 _("sh_suidchk_check_internal"), 1064 1206 tmp); 1207 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1065 1208 } 1066 1209 else … … 1071 1214 sh.flag.checkSum == SH_CHECK_CHECK)) 1072 1215 { 1216 int compret; 1217 1073 1218 /* Updating database. Report new files that 1074 1219 * are not in database already. Then compare … … 1077 1222 if (-1 == sh_hash_have_it (tmpcat)) 1078 1223 { 1224 SH_MUTEX_LOCK(mutex_thread_nolog); 1079 1225 sh_error_handle ((-1), FIL__, __LINE__, 1080 1226 0, MSG_SUID_FOUND, tmp ); 1227 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1081 1228 } 1082 1229 else 1083 1230 { 1231 SH_MUTEX_LOCK(mutex_thread_nolog); 1084 1232 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1085 1233 0, MSG_SUID_FOUND, tmp ); 1234 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1086 1235 } 1087 1236 1088 if (0 == sh_hash_compdata (SH_LEVEL_READONLY, 1089 theFile, fileHash, 1090 _("[SuidCheck]"), 1091 ShSuidchkSeverity)) 1237 SH_MUTEX_LOCK(mutex_thread_nolog); 1238 compret = sh_hash_compdata (SH_LEVEL_READONLY, 1239 theFile, fileHash, 1240 _("[SuidCheck]"), 1241 ShSuidchkSeverity); 1242 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1243 1244 if (compret == 0) 1092 1245 { 1093 sh_hash_pushdata_memory (theFile, fileHash); 1246 sh_hash_pushdata_memory (theFile, fileHash); /* no call to sh_error_handle */ 1094 1247 } 1095 1248 1096 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1249 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ 1097 1250 1098 1251 } … … 1103 1256 /* Running init. Report on files detected. 1104 1257 */ 1105 sh_hash_pushdata (theFile, fileHash); 1258 sh_hash_pushdata (theFile, fileHash); /* no call to sh_error_handle */ 1259 SH_MUTEX_LOCK(mutex_thread_nolog); 1106 1260 sh_error_handle ((-1), FIL__, __LINE__, 1107 1261 0, MSG_SUID_FOUND, tmp ); 1262 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1108 1263 } 1109 1264 … … 1113 1268 * detected, and quarantine them. 1114 1269 */ 1270 SH_MUTEX_LOCK(mutex_thread_nolog); 1115 1271 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 1116 1272 0, MSG_SUID_FOUND, tmp ); 1273 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1117 1274 1118 fflags = sh_hash_getflags(tmpcat); 1275 fflags = sh_hash_getflags(tmpcat); /* no call to sh_error_handle */ 1119 1276 1120 1277 if ( (-1 == fflags) || (!SH_FFLAG_SUIDCHK_SET(fflags))) … … 1144 1301 break; 1145 1302 default: 1303 SH_MUTEX_LOCK(mutex_thread_nolog); 1146 1304 sh_error_handle (ShSuidchkSeverity, FIL__, 1147 1305 __LINE__, 0, MSG_SUID_QREPORT, 1148 1306 _("Bad quarantine method"), tmp); 1307 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1149 1308 break; 1150 1309 } … … 1154 1313 /* 1.8.1 push file to in-memory database 1155 1314 */ 1315 SH_MUTEX_LOCK(mutex_thread_nolog); 1156 1316 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1157 1317 theFile, fileHash, 1158 1318 _("[SuidCheck]"), 1159 1319 ShSuidchkSeverity); 1320 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1160 1321 1161 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1322 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ 1162 1323 1163 1324 } … … 1167 1328 /* File exists. Check for modifications. 1168 1329 */ 1330 SH_MUTEX_LOCK(mutex_thread_nolog); 1169 1331 (void) sh_hash_compdata (SH_LEVEL_READONLY, 1170 1332 theFile, fileHash, 1171 1333 _("[SuidCheck]"), 1172 1334 ShSuidchkSeverity); 1173 1174 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); 1335 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1336 sh_hash_addflag(tmpcat, SH_FFLAG_SUIDCHK); /* no call to sh_error_handle */ 1175 1337 1176 1338 } … … 1192 1354 { 1193 1355 status = errno; 1356 SH_MUTEX_LOCK(mutex_thread_nolog); 1194 1357 sh_error_handle ((-1), FIL__, __LINE__, status, MSG_E_SUBGEN, 1195 1358 _("Failed to release time slice"), 1196 1359 _("sh_suidchk_check_internal") ); 1360 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1197 1361 } 1198 1362 } … … 1216 1380 int sh_suidchk_init (struct mod_type * arg) 1217 1381 { 1382 #ifndef HAVE_PTHREAD 1218 1383 (void) arg; 1384 #endif 1385 1219 1386 if (ShSuidchkActive == S_FALSE) 1220 return (-1); 1387 return SH_MOD_FAILED; 1388 1389 #ifdef HAVE_PTHREAD 1390 if (arg != NULL && arg->initval < 0 && 1391 (sh.flag.isdaemon == S_TRUE || sh.flag.loop == S_TRUE)) 1392 { 1393 if (0 == sh_pthread_create(sh_threaded_module_run, (void *)arg)) 1394 return SH_MOD_THREAD; 1395 else 1396 return SH_MOD_FAILED; 1397 } 1398 #endif 1221 1399 1222 1400 return (0); … … 1270 1448 int sh_suidchk_check () 1271 1449 { 1272 int status;1450 volatile int status; 1273 1451 1274 1452 SL_ENTER(_("sh_suidchk_check")); 1275 1453 1454 if (ShSuidchkActive == S_FALSE) 1455 SL_RETURN(-1, _("sh_suidchk_check")); 1456 1457 SH_MUTEX_LOCK(mutex_thread_nolog); 1276 1458 sh_error_handle (SH_ERR_NOTICE, FIL__, __LINE__, EINVAL, MSG_E_SUBGEN, 1277 1459 _("Checking for SUID programs"), 1278 1460 _("suidchk_check") ); 1461 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1279 1462 1280 1463 FileLimNow = time(NULL); … … 1289 1472 #endif 1290 1473 1474 SH_MUTEX_LOCK(mutex_thread_nolog); 1291 1475 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_SUID_SUMMARY, 1292 1476 FileLimTotal, 1293 1477 (long) (time(NULL) - FileLimStart) ); 1478 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1294 1479 1295 1480 SL_RETURN(status, _("sh_suidchk_check")); … … 1346 1531 int sh_suidchk_set_timer (const char * c) 1347 1532 { 1348 long val;1533 volatile long val; 1349 1534 1350 1535 SL_ENTER(_("sh_suidchk_set_timer")); … … 1352 1537 val = strtol (c, (char **)NULL, 10); 1353 1538 if (val <= 0) 1354 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1355 _("suidchk timer"), c); 1356 1539 { 1540 SH_MUTEX_LOCK(mutex_thread_nolog); 1541 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1542 _("suidchk timer"), c); 1543 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1544 } 1357 1545 val = (val <= 0 ? 7200 : val); 1358 1546 … … 1379 1567 int sh_suidchk_reconf () 1380 1568 { 1569 SH_MUTEX_LOCK(mutex_suid_check); 1381 1570 sh_suidchk_free_schedule(); 1382 1571 set_defaults(); 1572 SH_MUTEX_UNLOCK(mutex_suid_check); 1383 1573 return 0; 1384 1574 } … … 1424 1614 int sh_suidchk_set_fps (const char * c) 1425 1615 { 1426 long val;1616 volatile long val; 1427 1617 1428 1618 SL_ENTER(_("sh_suidchk_set_fps")); … … 1430 1620 val = strtol (c, (char **)NULL, 10); 1431 1621 if (val < 0) 1432 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1433 _("suidchk fps"), c); 1434 1622 { 1623 SH_MUTEX_LOCK(mutex_thread_nolog); 1624 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1625 _("suidchk fps"), c); 1626 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1627 } 1435 1628 val = (val < 0 ? 0 : val); 1436 1629 … … 1486 1679 int sh_suidchk_set_qmethod (const char * c) 1487 1680 { 1488 long val;1489 int ret = 0;1681 volatile long val; 1682 volatile int ret = 0; 1490 1683 struct stat buf; 1491 1684 … … 1495 1688 if (val < 0) 1496 1689 { 1690 SH_MUTEX_LOCK(mutex_thread_nolog); 1497 1691 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1498 1692 _("suidchk qmethod"), c); 1693 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1499 1694 ret = -1; 1500 1695 } … … 1514 1709 if (mkdir (DEFAULT_QDIR, 0750) == -1) 1515 1710 { 1711 SH_MUTEX_LOCK(mutex_thread_nolog); 1516 1712 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, 1517 1713 MSG_SUID_ERROR, 1518 1714 _("Unable to create quarantine directory")); 1715 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1519 1716 } 1520 1717 } … … 1522 1719 break; 1523 1720 default: 1721 SH_MUTEX_LOCK(mutex_thread_nolog); 1524 1722 sh_error_handle ((-1), FIL__, __LINE__, EINVAL, MSG_EINVALS, 1525 1723 _("suidchk qmethod"), c); 1724 SH_MUTEX_UNLOCK(mutex_thread_nolog); 1526 1725 ShSuidchkQMethod = -1; 1527 1726 ret = -1; … … 1972 2171 } 1973 2172 2173 /* This variable is not used anywhere. It only exists 2174 * to assign &dirlist to it, which keeps gcc from 2175 * putting it into a register, and avoids the 'clobbered 2176 * by longjmp' warning. And no, 'volatile' proved insufficient. 2177 */ 2178 static void * sh_dummy_type = NULL; 2179 2180 1974 2181 /* Return a newly allocated string naming the type of filesystem that the 1975 2182 file PATH, described by STATP, is on. … … 1999 2206 if (mfp == NULL) 2000 2207 { 2208 SH_MUTEX_LOCK(mutex_thread_nolog); 2001 2209 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 2002 2210 _("setmntent() failed"), 2003 2211 _("filesystem_type_uncached") ); 2212 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2004 2213 return NULL; 2005 2214 } 2215 2216 /* Take the address to keep gcc from putting it into a register. 2217 * Avoids the 'clobbered by longjmp' warning. 2218 */ 2219 sh_dummy_type = (void*) &type; 2006 2220 2007 2221 /* Find the entry with the same device number as STATP, and return … … 2041 2255 { 2042 2256 char errmsg[256]; 2043 int elevel = SH_ERR_ERR;2257 volatile int elevel = SH_ERR_ERR; 2044 2258 size_t tlen = strlen(mnt->mnt_dir); 2045 2259 if (tlen >= 6 && 0 == strcmp(&((mnt->mnt_dir)[tlen-6]), _("/.gvfs"))) … … 2047 2261 sl_snprintf(errmsg, sizeof(errmsg), _("stat(%s) failed"), 2048 2262 mnt->mnt_dir); 2263 SH_MUTEX_LOCK(mutex_thread_nolog); 2049 2264 sh_error_handle (elevel, FIL__, __LINE__, 0, MSG_E_SUBGEN, 2050 2265 errmsg, 2051 2266 _("filesystem_type_uncached") ); 2267 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2052 2268 return NULL; 2053 2269 } … … 2072 2288 if (endmntent (mfp) == 0) 2073 2289 { 2290 SH_MUTEX_LOCK(mutex_thread_nolog); 2074 2291 sh_error_handle ((-1), FIL__, __LINE__, 0, MSG_E_SUBGEN, 2075 2292 _("endmntent() failed"), 2076 2293 _("filesystem_type_uncached") ); 2294 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2077 2295 } 2078 2296 #endif … … 2085 2303 return NULL; 2086 2304 2305 /* Take the address to keep gcc from putting it into a register. 2306 * Avoids the 'clobbered by longjmp' warning. 2307 */ 2308 sh_dummy_type = (void*) &type; 2309 2087 2310 while (type == NULL 2088 2311 && getmnt (&offset, &fsd, sizeof (fsd), NOSTAT_MANY, 0) > 0) … … 2100 2323 return NULL; 2101 2324 2325 /* Take the address to keep gcc from putting it into a register. 2326 * Avoids the 'clobbered by longjmp' warning. 2327 */ 2328 sh_dummy_type = (void*) &type; 2329 2102 2330 if (statfs (relpath, &fss, sizeof (struct statfs), 0) == -1) 2103 2331 { … … 2105 2333 if (errno != ENOENT) 2106 2334 { 2335 SH_MUTEX_LOCK(mutex_thread_nolog); 2107 2336 sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 2108 2337 _("statfs() failed"), 2109 2338 _("filesystem_type_uncached") ); 2339 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2110 2340 return NULL; 2111 2341 } … … 2120 2350 if (path == NULL || relpath == NULL) 2121 2351 return NULL; 2352 2353 /* Take the address to keep gcc from putting it into a register. 2354 * Avoids the 'clobbered by longjmp' warning. 2355 */ 2356 sh_dummy_type = (void*) &type; 2122 2357 2123 2358 if (statvfs (relpath, &fss) == -1) … … 2126 2361 if (errno != ENOENT) 2127 2362 { 2363 SH_MUTEX_LOCK(mutex_thread_nolog); 2128 2364 sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 2129 2365 _("statvfs() failed"), 2130 2366 _("filesystem_type_uncached") ); 2367 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2131 2368 return NULL; 2132 2369 } … … 2155 2392 return NULL; 2156 2393 2394 /* Take the address to keep gcc from putting it into a register. 2395 * Avoids the 'clobbered by longjmp' warning. 2396 */ 2397 sh_dummy_type = (void*) &type; 2398 2157 2399 if (S_ISLNK (statp->st_mode)) 2158 2400 p = sh_dirname (relpath); … … 2166 2408 if (errno != ENOENT) 2167 2409 { 2410 SH_MUTEX_LOCK(mutex_thread_nolog); 2168 2411 sh_error_handle ((-1), FIL__, __LINE__, errno, MSG_E_SUBGEN, 2169 2412 _("statfs() failed"), 2170 2413 _("filesystem_type_uncached") ); 2414 SH_MUTEX_UNLOCK(mutex_thread_nolog); 2171 2415 return NULL; 2172 2416 } -
trunk/src/sh_unix.c
r252 r253 4598 4598 int status = 0; 4599 4599 int pagesize; 4600 sh_page_l * page_list = sh_page_locked;4600 sh_page_l * page_list; 4601 4601 unsigned long addr; 4602 4602 #ifdef TEST_MLOCK … … 4609 4609 */ 4610 4610 SH_MUTEX_LOCK_UNSAFE(mutex_mlock); 4611 4612 page_list = sh_page_locked; 4611 4613 4612 4614 if (0 != page_locking) … … 4703 4705 { 4704 4706 int num_pages; 4705 int unlocked = 0;4706 int status = 0;4707 int unlocked; 4708 int status; 4707 4709 int pagesize; 4708 sh_page_l * page_list = sh_page_locked;4710 sh_page_l * page_list; 4709 4711 sh_page_l * page_last; 4710 4712 unsigned long addr; … … 4723 4725 */ 4724 4726 SH_MUTEX_LOCK_UNSAFE(mutex_mlock); 4727 4728 unlocked = 0; 4729 status = 0; 4730 page_list = sh_page_locked; 4725 4731 4726 4732 if (0 != page_locking) … … 4848 4854 { 4849 4855 int i = 0; 4850 char str[ 128];4851 sh_page_l * page_list = sh_page_locked;4856 char str[32][64]; 4857 sh_page_l * page_list; 4852 4858 4853 4859 SL_ENTER(_("sh_unix_count_mlock")); 4860 4861 /* There's no cancellation point here, except if tracing is on 4862 */ 4863 SH_MUTEX_LOCK_UNSAFE(mutex_mlock); 4864 4865 page_list = sh_page_locked; 4866 4854 4867 while (page_list != NULL) 4855 4868 { 4856 4869 #ifdef WITH_TPT 4857 sl_snprintf(str, sizeof(str), _("file: %s line: %d page: %d"), 4858 page_list->file, page_list->line, i+1); 4859 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, 4860 str, _("sh_unix_count_mlock")); 4870 if (i < 32) 4871 sl_snprintf(str[i], 64, _("file: %s line: %d page: %d"), 4872 page_list->file, page_list->line, i+1); 4861 4873 #endif 4862 4874 page_list = page_list->next; 4863 4875 ++i; 4864 4876 } 4865 sl_snprintf(str, sizeof(str), _("%d pages locked"), i); 4877 4878 SH_MUTEX_UNLOCK_UNSAFE(mutex_mlock); 4879 4880 #ifdef WITH_TPT 4881 { 4882 int j = 0; 4883 while (j < i && j < 32) 4884 { 4885 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, j, MSG_E_SUBGEN, 4886 str[j], _("sh_unix_count_mlock")); 4887 ++j; 4888 } 4889 } 4890 #endif 4891 4892 sl_snprintf(str[0], 64, _("%d pages locked"), i); 4866 4893 sh_error_handle(SH_ERR_INFO, FIL__, __LINE__, i, MSG_E_SUBGEN, 4867 str , _("sh_unix_count_mlock"));4894 str[0], _("sh_unix_count_mlock")); 4868 4895 SL_RETURN((i), _("sh_unix_count_mlock")); 4869 4896 }
Note:
See TracChangeset
for help on using the changeset viewer.
