Changeset 94
- Timestamp:
- Mar 8, 2007, 3:29:35 PM (18 years ago)
- Location:
- trunk
- Files:
-
- 3 edited
-
docs/Changelog (modified) (1 diff)
-
src/sh_files.c (modified) (1 diff)
-
src/sh_suidchk.c (modified) (15 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/docs/Changelog
r93 r94 1 1 2.3.3: 2 * fix bug with leading slashes in liked path of symlinks within 2 * refactor sh_kern.c, sh_suidchk.c 3 * fix bug with leading slashes in linked path of symlinks within 3 4 the root directory 4 5 * sh_kern.c: check PCI ROM (Linux), refactor code -
trunk/src/sh_files.c
r78 r94 352 352 tmp = NULL; 353 353 } 354 SH_FREE(file); 355 SH_FREE(dir); 354 if (file) 355 SH_FREE(file); 356 if (dir) 357 SH_FREE(dir); 356 358 357 359 ptr->checked = S_TRUE; -
trunk/src/sh_suidchk.c
r68 r94 30 30 #include <errno.h> 31 31 #include <limits.h> 32 #ifdef HAVE_LIBGEN_H 33 #include <libgen.h> 34 #endif 32 35 33 #ifdef HAVE_SCHED_H 36 34 #include <sched.h> … … 38 36 39 37 #ifdef SH_USE_SUIDCHK 40 41 #ifndef HAVE_BASENAME42 #define basename(a) ((NULL == strrchr(a, '/')) ? (a) : (strrchr(a, '/')))43 #endif44 38 45 39 #undef FIL__ … … 353 347 } 354 348 355 static int do_truncate (char * path) 356 { 357 int caperr; 358 int result; 349 static int do_truncate (const char * path_in) 350 { 351 int caperr; 352 int result; 353 char * path; 359 354 360 355 if (0 != chdir("/")) … … 372 367 } 373 368 369 path = sh_util_strdup (path_in); 374 370 result = do_truncate_int (path, 0); 371 SH_FREE(path); 375 372 376 373 if (0 != (caperr = sl_drop_cap_qdel())) … … 390 387 } 391 388 389 static void sh_q_delete(const char * fullpath) 390 { 391 int status; 392 char * msg; 393 char * tmp; 394 395 if (do_truncate (fullpath) == -1) 396 { 397 status = errno; 398 msg = SH_ALLOC(SH_BUFSIZE); 399 tmp = sh_util_safe_name(fullpath); 400 401 (void) sl_snprintf(msg, SH_BUFSIZE, 402 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 403 status); 404 sh_error_handle (ShSuidchkSeverity, 405 FIL__, __LINE__, 406 status, 407 MSG_SUID_QREPORT, msg, 408 tmp ); 409 SH_FREE(tmp); 410 SH_FREE(msg); 411 } 412 else 413 { 414 tmp = sh_util_safe_name(fullpath); 415 sh_error_handle (ShSuidchkSeverity, 416 FIL__, __LINE__, 0, 417 MSG_SUID_QREPORT, 418 _("Quarantine method applied"), 419 tmp ); 420 SH_FREE(tmp); 421 } 422 return; 423 } 424 425 static void sh_q_move(const char * fullpath, file_type * theFile, 426 const char * timestrc, const char * timestra, 427 const char * timestrm) 428 { 429 int status; 430 int readFile = -1; 431 int writeFile = -1;; 432 struct stat fileInfo; 433 ssize_t count; 434 char * msg; 435 char * tmp; 436 char * basetmp; 437 char * filetmp; 438 char buffer[1024]; 439 char * dir = SH_ALLOC(PATH_MAX+1); 440 mode_t umask_old; 441 FILE * filePtr = NULL; 442 443 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 444 445 if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) 446 { 447 /* Quarantine directory does not exist, 448 */ 449 status = errno; 450 msg = SH_ALLOC(SH_BUFSIZE); 451 tmp = sh_util_safe_name(fullpath); 452 453 (void) sl_snprintf(msg, SH_BUFSIZE, 454 _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), 455 status); 456 sh_error_handle (ShSuidchkSeverity, 457 FIL__, __LINE__, 458 status, 459 MSG_SUID_QREPORT, msg, 460 tmp ); 461 SH_FREE(tmp); 462 SH_FREE(msg); 463 } 464 else 465 { 466 if (retry_lstat (FIL__, __LINE__, 467 fullpath, &fileInfo) == -1) 468 { 469 status = errno; 470 msg = SH_ALLOC(SH_BUFSIZE); 471 tmp = sh_util_safe_name(fullpath); 472 473 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); 474 sh_error_handle (ShSuidchkSeverity, 475 FIL__, __LINE__, 476 status, 477 MSG_SUID_QREPORT, 478 msg, tmp ); 479 SH_FREE(tmp); 480 SH_FREE(msg); 481 } 482 else 483 { 484 basetmp = sh_util_strdup(fullpath); 485 filetmp = SH_ALLOC(PATH_MAX+1); 486 tmp = sh_util_basename(basetmp); 487 488 (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s", 489 DEFAULT_QDIR, tmp); 490 SH_FREE(tmp); 491 SH_FREE(basetmp); 492 493 readFile = open (fullpath, O_RDONLY); 494 if (readFile != -1) 495 writeFile = open (filetmp, O_WRONLY|O_CREAT); 496 497 if ((readFile == -1) || (writeFile == -1)) 498 { 499 status = errno; 500 msg = SH_ALLOC(SH_BUFSIZE); 501 tmp = sh_util_safe_name(fullpath); 502 503 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); 504 sh_error_handle (ShSuidchkSeverity, 505 FIL__, __LINE__, status, 506 MSG_SUID_QREPORT, 507 msg, tmp ); 508 SH_FREE(tmp); 509 SH_FREE(msg); 510 } 511 else 512 { 513 /* sizeof(buffer) is 1024 514 */ 515 while ((count = (int) read (readFile, buffer, sizeof (buffer))) > 0) 516 { 517 if ((int) write (writeFile, buffer, (size_t) count) != count) 518 { 519 status = errno; 520 msg = SH_ALLOC(SH_BUFSIZE); 521 tmp = sh_util_safe_name(fullpath); 522 523 (void) sl_snprintf(msg, SH_BUFSIZE, 524 _("I/O error. errno = %ld (write)"), status); 525 sh_error_handle (ShSuidchkSeverity, 526 FIL__, 527 __LINE__, 528 status, 529 MSG_SUID_QREPORT, 530 msg, tmp ); 531 SH_FREE(tmp); 532 SH_FREE(msg); 533 } 534 } 535 } 536 537 (void) close (readFile); 538 (void) fchmod(writeFile, S_IRUSR | S_IWUSR | S_IXUSR); 539 (void) close (writeFile); 540 541 if (do_truncate (fullpath) == -1) 542 { 543 status = errno; 544 msg = SH_ALLOC(SH_BUFSIZE); 545 tmp = sh_util_safe_name(fullpath); 546 547 (void) sl_snprintf(msg, SH_BUFSIZE, 548 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 549 status); 550 sh_error_handle (ShSuidchkSeverity, 551 FIL__, __LINE__, status, 552 MSG_SUID_QREPORT, 553 msg, tmp ); 554 SH_FREE(tmp); 555 SH_FREE(msg); 556 } 557 else 558 { 559 tmp = sh_util_basename(fullpath); 560 561 (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s.info", 562 DEFAULT_QDIR, 563 tmp); 564 565 SH_FREE(tmp); 566 /* 567 * avoid chmod by setting umask 568 */ 569 umask_old = umask (0077); 570 filePtr = fopen (filetmp, "w+"); 571 572 /*@-usedef@*/ 573 if (filePtr) 574 { 575 fprintf(filePtr, 576 _("File Info:\n filename=%s\n size=%lu\n owner=%s(%d)\n group=%s(%d)\n ctime=%s\n atime=%s\n mtime=%s\n"), 577 fullpath, 578 (unsigned long) theFile->size, 579 theFile->c_owner, (int) theFile->owner, 580 theFile->c_group, (int) theFile->group, 581 timestrc, timestra, timestrm); 582 (void) fclose (filePtr); 583 } 584 /*@+usedef@*/ 585 umask (umask_old); 586 587 tmp = sh_util_safe_name(fullpath); 588 sh_error_handle (ShSuidchkSeverity, 589 FIL__,__LINE__, 590 0, MSG_SUID_QREPORT, 591 _("Quarantine method applied"), 592 tmp ); 593 SH_FREE(tmp); 594 } 595 SH_FREE(filetmp); 596 } 597 } 598 SH_FREE(dir); 599 return; 600 } 601 602 static void sh_q_changeperm(const char * fullpath) 603 { 604 int caperr; 605 int status; 606 char * msg; 607 char * tmp; 608 struct stat fileInfo; 609 struct stat fileInfo_F; 610 int cperm_status = 0; 611 int file_d = -1; 612 613 if (retry_lstat(FIL__, __LINE__, fullpath, &fileInfo) == -1) 614 { 615 status = errno; 616 msg = SH_ALLOC(SH_BUFSIZE); 617 tmp = sh_util_safe_name(fullpath); 618 619 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 620 sh_error_handle (ShSuidchkSeverity, 621 FIL__, __LINE__, 622 status, 623 MSG_SUID_QREPORT, msg, 624 tmp ); 625 SH_FREE(tmp); 626 SH_FREE(msg); 627 cperm_status = -1; 628 } 629 630 if (cperm_status == 0) 631 { 632 if (0 != (caperr = sl_get_cap_qdel())) 633 { 634 sh_error_handle((-1), FIL__, __LINE__, 635 caperr, MSG_E_SUBGEN, 636 sh_error_message (caperr), 637 _("sl_get_cap_qdel")); 638 cperm_status = -1; 639 } 640 } 641 642 if (cperm_status == 0) 643 { 644 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 645 fullpath, O_RDONLY, 0); 646 if (-1 == file_d) 647 { 648 status = errno; 649 msg = SH_ALLOC(SH_BUFSIZE); 650 tmp = sh_util_safe_name(fullpath); 651 652 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 653 sh_error_handle (ShSuidchkSeverity, 654 FIL__, __LINE__, 655 status, 656 MSG_SUID_QREPORT, msg, 657 tmp ); 658 SH_FREE(tmp); 659 SH_FREE(msg); 660 cperm_status = -1; 661 } 662 } 663 664 if (cperm_status == 0) 665 { 666 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 667 { 668 status = errno; 669 msg = SH_ALLOC(SH_BUFSIZE); 670 tmp = sh_util_safe_name(fullpath); 671 672 (void) sl_snprintf(msg, SH_BUFSIZE, 673 _("I/O error. errno = %ld"), status); 674 sh_error_handle (ShSuidchkSeverity, 675 FIL__, __LINE__, 676 status, 677 MSG_SUID_QREPORT, msg, 678 tmp ); 679 SH_FREE(tmp); 680 SH_FREE(msg); 681 cperm_status = -1; 682 } 683 } 684 685 if (cperm_status == 0) 686 { 687 if (fileInfo_F.st_ino != fileInfo.st_ino || 688 fileInfo_F.st_dev != fileInfo.st_dev || 689 fileInfo_F.st_mode != fileInfo.st_mode) 690 { 691 status = errno; 692 msg = SH_ALLOC(SH_BUFSIZE); 693 tmp = sh_util_safe_name(fullpath); 694 695 (void) sl_snprintf(msg, SH_BUFSIZE, 696 _("Race detected. errno = %ld"), status); 697 sh_error_handle (ShSuidchkSeverity, 698 FIL__, __LINE__, 699 status, 700 MSG_SUID_QREPORT, msg, 701 tmp ); 702 SH_FREE(tmp); 703 SH_FREE(msg); 704 cperm_status = -1; 705 } 706 } 707 708 if ((fileInfo.st_mode & S_ISUID) > 0) 709 fileInfo.st_mode -= S_ISUID; 710 if ((fileInfo.st_mode & S_ISGID) > 0) 711 fileInfo.st_mode -= S_ISGID; 712 713 if (cperm_status == 0) 714 { 715 if (fchmod(file_d, fileInfo.st_mode) == -1) 716 { 717 status = errno; 718 msg = SH_ALLOC(SH_BUFSIZE); 719 tmp = sh_util_safe_name(fullpath); 720 721 (void) sl_snprintf(msg, SH_BUFSIZE, 722 _("Problem quarantining file. File NOT quarantined. errno = %ld"), 723 status); 724 sh_error_handle (ShSuidchkSeverity, 725 FIL__, __LINE__, 726 status, 727 MSG_SUID_QREPORT, 728 msg, tmp ); 729 SH_FREE(tmp); 730 SH_FREE(msg); 731 } 732 else 733 { 734 tmp = sh_util_safe_name(fullpath); 735 sh_error_handle (ShSuidchkSeverity, 736 FIL__, __LINE__, 737 0, 738 MSG_SUID_QREPORT, 739 _("Quarantine method applied"), 740 tmp ); 741 SH_FREE(tmp); 742 } 743 } 744 745 if (0 != (caperr = sl_drop_cap_qdel())) 746 { 747 sh_error_handle((-1), FIL__, __LINE__, 748 caperr, MSG_E_SUBGEN, 749 sh_error_message (caperr), 750 _("sl_drop_cap_qdel")); 751 } 752 753 if (file_d != -1) 754 { 755 do { 756 status = close (file_d); 757 } while (status == -1 && errno == EINTR); 758 759 if (-1 == status) 760 { 761 status = errno; 762 msg = SH_ALLOC(SH_BUFSIZE); 763 tmp = sh_util_safe_name(fullpath); 764 765 (void) sl_snprintf(msg, SH_BUFSIZE, 766 _("I/O error. errno = %ld"), status); 767 sh_error_handle (ShSuidchkSeverity, 768 FIL__, __LINE__, 769 status, 770 MSG_SUID_QREPORT, msg, 771 tmp ); 772 SH_FREE(tmp); 773 SH_FREE(msg); 774 cperm_status = -1; 775 } 776 } 777 return; 778 } 779 780 static void report_file (const char * tmpcat, file_type * theFile, 781 char * timestrc, char * timestra, char * timestrm) 782 { 783 char * msg = SH_ALLOC(SH_BUFSIZE); 784 char * tmp = sh_util_safe_name(tmpcat); 785 786 msg[0] = '\0'; 787 /*@-usedef@*/ 788 (void) sl_strlcpy (timestrc, 789 sh_unix_gmttime (theFile->ctime), 790 32); 791 (void) sl_strlcpy (timestra, 792 sh_unix_gmttime (theFile->atime), 793 32); 794 (void) sl_strlcpy (timestrm, 795 sh_unix_gmttime (theFile->mtime), 796 32); 797 #ifdef SH_USE_XML 798 (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=\"%s\" iowner_new=\"%ld\" group_new=\"%s\" igroup_new=\"%ld\" size_new=\"%lu\" ctime_new=\"%s\" atime_new=\"%s\" mtime_new=\"%s\""), 799 theFile->c_owner, theFile->owner, 800 theFile->c_group, theFile->group, 801 (unsigned long) theFile->size, 802 timestrc, timestra, timestrm); 803 #else 804 (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=<%s>, iowner_new=<%ld>, group_new=<%s>, igroup_new=<%ld>, filesize=<%lu>, ctime=<%s>, atime=<%s>, mtime=<%s>"), 805 theFile->c_owner, theFile->owner, 806 theFile->c_group, theFile->group, 807 (unsigned long) theFile->size, 808 timestrc, timestra, timestrm); 809 #endif 810 /*@+usedef@*/ 811 812 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 813 0, MSG_SUID_POLICY, 814 _("suid/sgid file not in database"), 815 tmp, msg ); 816 SH_FREE(tmp); 817 SH_FREE(msg); 818 return; 819 } 820 392 821 static 393 822 int sh_suidchk_check_internal (char * iname) 394 823 { 395 int caperr;396 824 DIR * thisDir = NULL; 397 FILE * filePtr = NULL;398 825 struct dirent * thisEntry; 399 826 char * tmpcat; 400 827 char * tmp; 401 char * msg;402 char * dir;403 char * filetmp;404 char * basetmp;405 828 char timestrc[32]; 406 829 char timestra[32]; 407 830 char timestrm[32]; 408 char buffer[1024];409 831 struct stat buf; 410 832 int status; 411 int count;412 int readFile = -1;413 int writeFile = -1;414 833 char * fs; 415 834 long sl_status = SL_ENONE; 416 struct stat fileInfo;417 struct stat fileInfo_F;418 int file_d;419 420 835 file_type theFile; 421 836 char fileHash[2*(KEY_LEN + 1)]; 422 837 423 mode_t umask_old;424 int cperm_status;425 838 426 839 SL_ENTER(_("sh_suidchk_check_internal")); … … 449 862 } 450 863 864 /* Loop over directory entries 865 */ 451 866 do { 452 867 … … 455 870 } 456 871 457 458 872 thisEntry = readdir (thisDir); 459 873 … … 470 884 471 885 if ((sl_strlen(tmpcat) != sl_strlen(iname)) || (tmpcat[0] == '\0')) 472 sl_status = SL_ETRUNC; 886 { 887 sl_status = SL_ETRUNC; 888 } 473 889 else 474 890 { … … 476 892 sl_status = sl_strlcat(tmpcat, "/", PATH_MAX); 477 893 } 894 478 895 if (! SL_ISERROR(sl_status)) 479 896 sl_status = sl_strlcat(tmpcat, thisEntry->d_name, PATH_MAX); 897 480 898 if (SL_ISERROR(sl_status)) 481 899 { … … 554 972 ) 555 973 ) 556 { /* way too long routine */974 { 557 975 558 976 (void) sl_strlcpy (theFile.fullpath, tmpcat, PATH_MAX); … … 584 1002 { 585 1003 sh_error_handle ((-1), FIL__, __LINE__, 586 0, MSG_SUID_FOUND, 587 tmp ); 1004 0, MSG_SUID_FOUND, tmp ); 588 1005 } 589 1006 else 590 1007 { 591 1008 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 592 0, MSG_SUID_FOUND, 593 tmp ); 1009 0, MSG_SUID_FOUND, tmp ); 594 1010 } 1011 595 1012 if (0 == sh_hash_compdata (SH_LEVEL_READONLY, 596 1013 &theFile, fileHash, … … 606 1023 sh_hash_pushdata (&theFile, fileHash); 607 1024 sh_error_handle ((-1), FIL__, __LINE__, 608 0, MSG_SUID_FOUND, 609 tmp ); 1025 0, MSG_SUID_FOUND, tmp ); 610 1026 } 611 1027 else if (sh.flag.checkSum == SH_CHECK_CHECK ) 612 1028 { 613 1029 sh_error_handle (SH_ERR_ALL, FIL__, __LINE__, 614 0, MSG_SUID_FOUND, 615 tmp ); 1030 0, MSG_SUID_FOUND, tmp ); 616 1031 if (-1 == sh_hash_have_it (tmpcat)) 617 1032 { 618 msg = SH_ALLOC(SH_BUFSIZE); 619 msg[0] = '\0'; 620 /*@-usedef@*/ 621 (void) sl_strlcpy (timestrc, 622 sh_unix_gmttime (theFile.ctime), 623 32); 624 (void) sl_strlcpy (timestra, 625 sh_unix_gmttime (theFile.atime), 626 32); 627 (void) sl_strlcpy (timestrm, 628 sh_unix_gmttime (theFile.mtime), 629 32); 630 #ifdef SH_USE_XML 631 (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=\"%s\" iowner_new=\"%ld\" group_new=\"%s\" igroup_new=\"%ld\" size_new=\"%lu\" ctime_new=\"%s\" atime_new=\"%s\" mtime_new=\"%s\""), 632 theFile.c_owner, theFile.owner, 633 theFile.c_group, theFile.group, 634 (unsigned long) theFile.size, 635 timestrc, timestra, timestrm); 636 #else 637 (void) sl_snprintf(msg, SH_BUFSIZE, _("owner_new=<%s>, iowner_new=<%ld>, group_new=<%s>, igroup_new=<%ld>, filesize=<%lu>, ctime=<%s>, atime=<%s>, mtime=<%s>"), 638 theFile.c_owner, theFile.owner, 639 theFile.c_group, theFile.group, 640 (unsigned long) theFile.size, 641 timestrc, timestra, timestrm); 642 #endif 643 /*@+usedef@*/ 644 645 sh_error_handle (ShSuidchkSeverity, FIL__, __LINE__, 646 0, MSG_SUID_POLICY, 647 _("suid/sgid file not in database"), 648 tmp, msg ); 649 SH_FREE(msg); 1033 report_file(tmpcat, &theFile, timestrc, timestra, timestrm); 650 1034 651 1035 /* Quarantine file according to configured method … … 656 1040 { 657 1041 case SH_Q_DELETE: 658 /* if (unlink (theFile.fullpath) == -1) */ 659 if (do_truncate (theFile.fullpath) == -1) 660 { 661 status = errno; 662 msg = SH_ALLOC(SH_BUFSIZE); 663 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); 664 sh_error_handle (ShSuidchkSeverity, 665 FIL__, __LINE__, 666 status, 667 MSG_SUID_QREPORT, msg, 668 tmp ); 669 SH_FREE(msg); 670 } 671 else 672 { 673 sh_error_handle (ShSuidchkSeverity, 674 FIL__, __LINE__, 0, 675 MSG_SUID_QREPORT, 676 _("Quarantine method applied"), 677 tmp ); 678 } 1042 sh_q_delete(theFile.fullpath); 679 1043 break; 680 1044 case SH_Q_CHANGEPERM: 681 cperm_status = 0; 682 file_d = -1; 683 if (retry_lstat(FIL__, __LINE__, tmpcat, &fileInfo) == -1) 684 { 685 status = errno; 686 msg = SH_ALLOC(SH_BUFSIZE); 687 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 688 sh_error_handle (ShSuidchkSeverity, 689 FIL__, __LINE__, 690 status, 691 MSG_SUID_QREPORT, msg, 692 tmp ); 693 SH_FREE(msg); 694 cperm_status = -1; 695 } 696 697 if (cperm_status == 0) 698 { 699 if (0 != (caperr = sl_get_cap_qdel())) 700 { 701 sh_error_handle((-1), FIL__, __LINE__, 702 caperr, MSG_E_SUBGEN, 703 sh_error_message (caperr), 704 _("sl_get_cap_qdel")); 705 cperm_status = -1; 706 } 707 } 708 709 if (cperm_status == 0) 710 { 711 file_d = aud_open (FIL__, __LINE__, SL_YESPRIV, 712 tmpcat, O_RDONLY, 0); 713 if (-1 == file_d) 714 { 715 status = errno; 716 msg = SH_ALLOC(SH_BUFSIZE); 717 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld"), status); 718 sh_error_handle (ShSuidchkSeverity, 719 FIL__, __LINE__, 720 status, 721 MSG_SUID_QREPORT, msg, 722 tmp ); 723 SH_FREE(msg); 724 cperm_status = -1; 725 } 726 } 727 728 if (cperm_status == 0) 729 { 730 if (retry_fstat(FIL__, __LINE__, file_d, &fileInfo_F) == -1) 731 { 732 status = errno; 733 msg = SH_ALLOC(SH_BUFSIZE); 734 (void) sl_snprintf(msg, SH_BUFSIZE, 735 _("I/O error. errno = %ld"), status); 736 sh_error_handle (ShSuidchkSeverity, 737 FIL__, __LINE__, 738 status, 739 MSG_SUID_QREPORT, msg, 740 tmp ); 741 SH_FREE(msg); 742 cperm_status = -1; 743 } 744 } 745 746 if (cperm_status == 0) 747 { 748 if (fileInfo_F.st_ino != fileInfo.st_ino || 749 fileInfo_F.st_dev != fileInfo.st_dev || 750 fileInfo_F.st_mode != fileInfo.st_mode) 751 { 752 status = errno; 753 msg = SH_ALLOC(SH_BUFSIZE); 754 (void) sl_snprintf(msg, SH_BUFSIZE, 755 _("Race detected. errno = %ld"), status); 756 sh_error_handle (ShSuidchkSeverity, 757 FIL__, __LINE__, 758 status, 759 MSG_SUID_QREPORT, msg, 760 tmp ); 761 SH_FREE(msg); 762 cperm_status = -1; 763 } 764 } 765 766 if ((fileInfo.st_mode & S_ISUID) > 0) 767 fileInfo.st_mode -= S_ISUID; 768 if ((fileInfo.st_mode & S_ISGID) > 0) 769 fileInfo.st_mode -= S_ISGID; 770 771 if (cperm_status == 0) 772 { 773 if (fchmod(file_d, fileInfo.st_mode) == -1) 774 { 775 status = errno; 776 msg = SH_ALLOC(SH_BUFSIZE); 777 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); 778 sh_error_handle (ShSuidchkSeverity, 779 FIL__, __LINE__, 780 status, 781 MSG_SUID_QREPORT, 782 msg, tmp ); 783 SH_FREE(msg); 784 } 785 else 786 { 787 sh_error_handle (ShSuidchkSeverity, 788 FIL__, __LINE__, 789 0, 790 MSG_SUID_QREPORT, 791 _("Quarantine method applied"), 792 tmp ); 793 } 794 } 795 796 if (0 != (caperr = sl_drop_cap_qdel())) 797 { 798 sh_error_handle((-1), FIL__, __LINE__, 799 caperr, MSG_E_SUBGEN, 800 sh_error_message (caperr), 801 _("sl_drop_cap_qdel")); 802 } 803 804 if (file_d != -1) 805 { 806 do { 807 status = close (file_d); 808 } while (status == -1 && errno == EINTR); 809 810 if (-1 == status) 811 { 812 status = errno; 813 msg = SH_ALLOC(SH_BUFSIZE); 814 (void) sl_snprintf(msg, SH_BUFSIZE, 815 _("I/O error. errno = %ld"), status); 816 sh_error_handle (ShSuidchkSeverity, 817 FIL__, __LINE__, 818 status, 819 MSG_SUID_QREPORT, msg, 820 tmp ); 821 SH_FREE(msg); 822 cperm_status = -1; 823 } 824 } 1045 sh_q_changeperm(theFile.fullpath); 825 1046 break; 826 1047 case SH_Q_MOVE: 827 dir = SH_ALLOC(PATH_MAX+1); 828 (void) sl_strlcpy (dir, DEFAULT_QDIR, PATH_MAX+1); 829 if (retry_stat (FIL__, __LINE__, dir, &fileInfo) != 0) 830 { 831 status = errno; 832 msg = SH_ALLOC(SH_BUFSIZE); 833 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (stat)"), status); 834 sh_error_handle (ShSuidchkSeverity, 835 FIL__, __LINE__, 836 status, 837 MSG_SUID_QREPORT, msg, 838 tmp ); 839 SH_FREE(msg); 840 } 841 else 842 { 843 if (retry_lstat (FIL__, __LINE__, 844 theFile.fullpath, &fileInfo) == -1) 845 { 846 status = errno; 847 msg = SH_ALLOC(SH_BUFSIZE); 848 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld(stat)"), status); 849 sh_error_handle (ShSuidchkSeverity, 850 FIL__, __LINE__, 851 status, 852 MSG_SUID_QREPORT, 853 msg, tmp ); 854 SH_FREE(msg); 855 } 856 else 857 { 858 basetmp = sh_util_strdup(theFile.fullpath); 859 filetmp = SH_ALLOC(PATH_MAX+1); 860 (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s", 861 DEFAULT_QDIR, basename(basetmp)); 862 SH_FREE(basetmp); 863 864 readFile = open (theFile.fullpath, O_RDONLY); 865 if (readFile != -1) 866 writeFile = open (filetmp, O_WRONLY|O_CREAT); 867 868 if ((readFile == -1) || (writeFile == -1)) 869 { 870 status = errno; 871 msg = SH_ALLOC(SH_BUFSIZE); 872 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld (open)"), status); 873 sh_error_handle (ShSuidchkSeverity, 874 FIL__, __LINE__, status, 875 MSG_SUID_QREPORT, 876 msg, tmp ); 877 SH_FREE(msg); 878 } 879 else 880 { 881 /* sizeof(buffer) is 1024 */ 882 while ((count = (int) read (readFile, buffer, sizeof (buffer))) > 0) 883 if ((int) write (writeFile, buffer, (size_t) count) != count) 884 { 885 status = errno; 886 msg = SH_ALLOC(SH_BUFSIZE); 887 (void) sl_snprintf(msg, SH_BUFSIZE, _("I/O error. errno = %ld (write)"), status); 888 sh_error_handle (ShSuidchkSeverity, 889 FIL__, 890 __LINE__, 891 status, 892 MSG_SUID_QREPORT, 893 msg, tmp ); 894 SH_FREE(msg); 895 } 896 } 897 (void) close (readFile); 898 (void) fchmod(writeFile, S_IRUSR | S_IWUSR | S_IXUSR); 899 (void) close (writeFile); 900 /* if (unlink (theFile.fullpath) == -1) */ 901 if (do_truncate (theFile.fullpath) == -1) 902 { 903 status = errno; 904 msg = SH_ALLOC(SH_BUFSIZE); 905 (void) sl_snprintf(msg, SH_BUFSIZE, _("Problem quarantining file. File NOT quarantined. errno = %ld"), status); 906 sh_error_handle (ShSuidchkSeverity, 907 FIL__, __LINE__, status, 908 MSG_SUID_QREPORT, 909 msg, tmp ); 910 SH_FREE(msg); 911 } 912 else 913 { 914 (void) sl_snprintf(filetmp, PATH_MAX+1, "%s/%s.info", 915 DEFAULT_QDIR, 916 basename(theFile.fullpath)); 917 /* 918 * avoid chmod by setting umask 919 */ 920 umask_old = umask (0077); 921 filePtr = fopen (filetmp, "w+"); 922 /*@-usedef@*/ 923 if (filePtr) 924 { 925 fprintf(filePtr, _("File Info:\n filename=%s\n size=%lu\n owner=%s(%d)\n group=%s(%d)\n ctime=%s\n atime=%s\n mtime=%s\n"), 926 theFile.fullpath, 927 (unsigned long) theFile.size, 928 theFile.c_owner, (int) theFile.owner, 929 theFile.c_group, (int) theFile.group, 930 timestrc, timestra, timestrm); 931 (void) fclose (filePtr); 932 } 933 /*@+usedef@*/ 934 umask (umask_old); 935 936 sh_error_handle (ShSuidchkSeverity, 937 FIL__,__LINE__, 938 0, MSG_SUID_QREPORT, 939 _("Quarantine method applied"), 940 tmp ); 941 } 942 SH_FREE(filetmp); 943 } 944 } 945 SH_FREE(dir); 1048 sh_q_move(theFile.fullpath, &theFile, timestrc, timestra, timestrm); 946 1049 break; 947 1050 default: 948 1051 sh_error_handle (ShSuidchkSeverity, FIL__, 949 1052 __LINE__, 0, MSG_SUID_QREPORT, 950 _("Bad quarantine method"), 951 tmp); 1053 _("Bad quarantine method"), tmp); 952 1054 break; 953 1055 } … … 975 1077 if (theFile.attr_string) 976 1078 SH_FREE(theFile.attr_string); 977 978 } /* end of way too long routine */ 1079 } 979 1080 } 980 1081 SH_FREE(tmpcat); … … 990 1091 _("Failed to release time slice"), 991 1092 _("sh_suidchk_check_internal") ); 992 993 1093 } 994 1094 }
Note:
See TracChangeset
for help on using the changeset viewer.
