authorUmang Jain <umang@endlessm.com>2019-02-28 17:38:08 +0530
committerAtomic Bot <atomic-devel@projectatomic.io>2019-04-09 09:18:15 +0000
commitcd53f71f9e2fdb68b9c4dbb44309dc0424daebda (patch)
treed9c10ac4f7b2a9cc02e2675cbf75d4f87423efc8 /revokefs
parentc9d0705ae9fd45d627a4c1167289f3a6a9a722dc (diff)
downloadflatpak-cd53f71f9e2fdb68b9c4dbb44309dc0424daebda.tar.gz
revokefs-fuse: Add --with-exit-fd arg to monitor parent process's exit
This is necessary so as to not leave the revokefs backend around when the system-helper exits abruptly (e.g. OOM killer). It would be a vulnerability if revokefs backend continues to live even after the system-helper is killed as it might lead to write access to the underlying directory. Closes: #2657 Approved by: alexlarsson
Diffstat (limited to 'revokefs')
-rw-r--r--revokefs/main.c9
-rw-r--r--revokefs/writer.c25
-rw-r--r--revokefs/writer.h2
3 files changed, 31 insertions, 5 deletions
diff --git a/revokefs/main.c b/revokefs/main.c
index 401330d7..f0808f15 100644
--- a/revokefs/main.c
+++ b/revokefs/main.c
@@ -444,6 +444,7 @@ usage (const char *progname)
" -h --help print help\n"
" --socket=fd Pass in the socket fd\n"
" --backend Run the backend instead of fuse\n"
+ " --exit-with-fd=fd With --backend, exit when the given file descriptor is closed\n"
"\n", progname);
}
@@ -478,6 +479,7 @@ revokefs_opt_proc (void *data,
struct revokefs_config {
int socket_fd;
+ int exit_with_fd;
int backend;
};
@@ -485,6 +487,7 @@ struct revokefs_config {
static struct fuse_opt revokefs_opts[] = {
REVOKEFS_OPT ("--socket=%i", socket_fd, -1),
+ REVOKEFS_OPT ("--exit-with-fd=%i", exit_with_fd, -1),
REVOKEFS_OPT ("--backend", backend, 1),
FUSE_OPT_KEY ("-h", KEY_HELP),
@@ -497,7 +500,7 @@ main (int argc, char *argv[])
{
struct fuse_args args = FUSE_ARGS_INIT (argc, argv);
int res;
- struct revokefs_config conf = { -1 };
+ struct revokefs_config conf = { -1, -1 };
res = fuse_opt_parse (&args, &conf, revokefs_opts, revokefs_opt_proc);
if (res != 0)
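Review bot: The positional initializer `{ -1, -1 }` only works while `exit_with_fd` stays the second member of `struct revokefs_config`, and this commit has just inserted that field ahead of `backend`. If a later reorder or addition misses this line, the field would be zero-initialized and descriptor 0 would become the monitored fd, because do_writer treats any value `>= 0` as enabled. Designated initializers remove that coupling: `struct revokefs_config conf = { .socket_fd = -1, .exit_with_fd = -1 };`. main's body continues outside the hunk.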
@@ -529,7 +532,7 @@ main (int argc, char *argv[])
exit (EXIT_FAILURE);
}
- do_writer (basefd, conf.socket_fd);
+ do_writer (basefd, conf.socket_fd, conf.exit_with_fd);
exit (0);
}
@@ -559,7 +562,7 @@ main (int argc, char *argv[])
{
/* writer process */
close (sockets[0]);
- do_writer (basefd, sockets[1]);
+ do_writer (basefd, sockets[1], -1);
exit (0);
}
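Review bot: The bare `-1` in `do_writer (basefd, sockets[1], -1);` is an undocumented sentinel for "no exit monitor", so the forked writer on this path is not covered by the new check. A short comment would record why that is acceptable, for example `/* -1: no exit fd; presumably the writer sees EOF on sockets[1] when the fuse side exits - confirm */`. The fork branch this call sits in starts outside the hunk, so whether the parent closes its copy of `sockets[1]` cannot be checked from here.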
diff --git a/revokefs/writer.c b/revokefs/writer.c
index fc31bae7..2a297d0b 100644
--- a/revokefs/writer.c
+++ b/revokefs/writer.c
@@ -32,6 +32,7 @@
#include <sys/xattr.h>
#include <dirent.h>
#include <unistd.h>
+#include <poll.h>
#include <fuse.h>
#include <glib.h>
@@ -759,7 +760,8 @@ request_access (int writer_socket, const char *path, int mode)
void
do_writer (int basefd_arg,
- int fuse_socket)
+ int fuse_socket,
+ int exit_with_fd)
{
guchar request_buffer[MAX_REQUEST_SIZE];
RevokefsRequest *request = (RevokefsRequest *)&request_buffer;
@@ -773,6 +775,27 @@ do_writer (int basefd_arg,
{
ssize_t data_size, size;
ssize_t response_data_size, response_size, written_size;
+ int res;
+ struct pollfd pollfds[2] = {
+ {fuse_socket, POLLIN, 0 },
+ {exit_with_fd, POLLIN, 0 },
+ };
+
+ res = poll(pollfds, exit_with_fd >= 0 ? 2 : 1, -1);
+ if (res < 0)
+ {
+ perror ("Got error polling sockets: ");
+ exit (1);
+ }
+
+ if (exit_with_fd >= 0 && (pollfds[1].revents & (POLLERR|POLLHUP)) != 0)
+ {
+ g_printerr ("Received EOF on exit-with-fd argument");
+ exit (1);
+ }
+
+ if (pollfds[0].revents & POLLIN == 0)
+ continue;
size = TEMP_FAILURE_RETRY (read (fuse_socket, request_buffer, sizeof (request_buffer)));
if (size == -1)
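Review bot: The readiness test `if (pollfds[0].revents & POLLIN == 0)` can never be true, because `==` binds tighter than `&` and the expression reduces to `revents & 0`. The loop therefore always falls through to the blocking `read` on `fuse_socket`, even when poll woke only for `exit_with_fd`. It should read `if ((pollfds[0].revents & (POLLIN|POLLHUP|POLLERR)) == 0) continue;`, keeping HUP/ERR in the mask so a closed fuse socket still reaches `read` instead of spinning. The exit check also ignores `POLLNVAL`, so an `--exit-with-fd` value that is not an open descriptor leaves the backend silently unmonitored; testing `(POLLERR|POLLHUP|POLLNVAL)` there makes it fail closed. The enclosing loop in do_writer starts and ends outside the hunk.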
diff --git a/revokefs/writer.h b/revokefs/writer.h
index 46a0be17..0131eaa4 100644
--- a/revokefs/writer.h
+++ b/revokefs/writer.h
@@ -39,7 +39,7 @@ int request_fsync (int writer_socket, int fd);
int request_close (int writer_socket, int fd);
int request_access (int writer_socket, const char *path, int mode);
-void do_writer (int basefd, int socket);
+void do_writer (int basefd, int socket, int exit_with_fd);
typedef enum {