From cd53f71f9e2fdb68b9c4dbb44309dc0424daebda Mon Sep 17 00:00:00 2001 From: Umang Jain Date: Thu, 28 Feb 2019 17:38:08 +0530 Subject: revokefs-fuse: Add --with-exit-fd arg to monitor parent process's exit This is necessary so as to not leave the revokefs backend around when the system-helper exits abruptly (e.g. OOM killer). It would be a vulnerability if revokefs backend continues to live even after the system-helper is killed as it might lead to write access to the underlying directory. Closes: #2657 Approved by: alexlarsson --- revokefs/main.c | 9 ++++++--- revokefs/writer.c | 25 ++++++++++++++++++++++++- revokefs/writer.h | 2 +- 3 files changed, 31 insertions(+), 5 deletions(-) (limited to 'revokefs') diff --git a/revokefs/main.c b/revokefs/main.c index 401330d7..f0808f15 100644 --- a/revokefs/main.c +++ b/revokefs/main.c @@ -444,6 +444,7 @@ usage (const char *progname) " -h --help print help\n" " --socket=fd Pass in the socket fd\n" " --backend Run the backend instead of fuse\n" + " --exit-with-fd=fd With --backend, exit when the given file descriptor is closed\n" "\n", progname); } @@ -478,6 +479,7 @@ revokefs_opt_proc (void *data, struct revokefs_config { int socket_fd; + int exit_with_fd; int backend; }; @@ -485,6 +487,7 @@ struct revokefs_config { static struct fuse_opt revokefs_opts[] = { REVOKEFS_OPT ("--socket=%i", socket_fd, -1), + REVOKEFS_OPT ("--exit-with-fd=%i", exit_with_fd, -1), REVOKEFS_OPT ("--backend", backend, 1), FUSE_OPT_KEY ("-h", KEY_HELP), @@ -497,7 +500,7 @@ main (int argc, char *argv[]) { struct fuse_args args = FUSE_ARGS_INIT (argc, argv); int res; - struct revokefs_config conf = { -1 }; + struct revokefs_config conf = { -1, -1 }; res = fuse_opt_parse (&args, &conf, revokefs_opts, revokefs_opt_proc); if (res != 0) @@ -529,7 +532,7 @@ main (int argc, char *argv[]) exit (EXIT_FAILURE); } - do_writer (basefd, conf.socket_fd); + do_writer (basefd, conf.socket_fd, conf.exit_with_fd); exit (0); } 
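Review bot: `struct revokefs_config conf = { -1, -1 };` in main() ties the defaults to member order, and this same commit inserts `exit_with_fd` between `socket_fd` and `backend`, so any later member added ahead of them silently shifts which field receives -1. Designated initializers keep each default attached to its name: `struct revokefs_config conf = { .socket_fd = -1, .exit_with_fd = -1 };`. Separately, the number parsed by `--exit-with-fd=%i` is handed to do_writer() unchecked, and as far as the hunks show it is only honoured with --backend (the forked writer path passes -1), so a short check or warning in main() would make a mis-invocation visible. main()'s body continues outside the hunk.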
@@ -559,7 +562,7 @@ main (int argc, char *argv[]) { /* writer process */ close (sockets[0]); - do_writer (basefd, sockets[1]); + do_writer (basefd, sockets[1], -1); exit (0); } diff --git a/revokefs/writer.c b/revokefs/writer.c index fc31bae7..2a297d0b 100644 --- a/revokefs/writer.c +++ b/revokefs/writer.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -759,7 +760,8 @@ request_access (int writer_socket, const char *path, int mode) void do_writer (int basefd_arg, - int fuse_socket) + int fuse_socket, + int exit_with_fd) { guchar request_buffer[MAX_REQUEST_SIZE]; RevokefsRequest *request = (RevokefsRequest *)&request_buffer; @@ -773,6 +775,27 @@ do_writer (int basefd_arg, { ssize_t data_size, size; ssize_t response_data_size, response_size, written_size; + int res; + struct pollfd pollfds[2] = { + {fuse_socket, POLLIN, 0 }, + {exit_with_fd, POLLIN, 0 }, + }; + + res = poll(pollfds, exit_with_fd >= 0 ? 2 : 1, -1); + if (res < 0) + { + perror ("Got error polling sockets: "); + exit (1); + } + + if (exit_with_fd >= 0 && (pollfds[1].revents & (POLLERR|POLLHUP)) != 0) + { + g_printerr ("Received EOF on exit-with-fd argument"); + exit (1); + } + + if (pollfds[0].revents & POLLIN == 0) + continue; size = TEMP_FAILURE_RETRY (read (fuse_socket, request_buffer, sizeof (request_buffer))); if (size == -1) diff --git a/revokefs/writer.h b/revokefs/writer.h index 46a0be17..0131eaa4 100644 --- a/revokefs/writer.h +++ b/revokefs/writer.h @@ -39,7 +39,7 @@ int request_fsync (int writer_socket, int fd); int request_close (int writer_socket, int fd); int request_access (int writer_socket, const char *path, int mode); -void do_writer (int basefd, int socket); +void do_writer (int basefd, int socket, int exit_with_fd); typedef enum { -- cgit v1.2.1
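Review bot: In the do_writer hunk of revokefs/writer.c, `pollfds[0].revents & POLLIN == 0` parses as `revents & (POLLIN == 0)`, which is always zero, so the `continue` is never taken and every poll wake-up falls through to the blocking read on fuse_socket. A wake-up caused only by exit_with_fd becoming readable would leave the backend parked in read(), where a later close of the parent's descriptor goes unnoticed until the next request arrives; that is the situation the commit message sets out to prevent. The exit check also ignores POLLNVAL, so a wrong --exit-with-fd number is silently accepted, and poll() is not retried on EINTR although the read below it uses TEMP_FAILURE_RETRY. The sketch below fixes the test, stops requesting POLLIN on the exit descriptor so that only hang-up and error conditions wake the loop for it, and retries on EINTR; the loop body continues outside the hunk.

```c
      struct pollfd pollfds[2] = {
        {fuse_socket, POLLIN, 0 },
        /* events == 0: POLLHUP/POLLERR/POLLNVAL are still reported for the exit fd */
        {exit_with_fd, 0, 0 },
      };

      res = TEMP_FAILURE_RETRY (poll (pollfds, exit_with_fd >= 0 ? 2 : 1, -1));
      /* … unchanged: res < 0 error exit … */

      if (exit_with_fd >= 0 && (pollfds[1].revents & (POLLERR|POLLHUP|POLLNVAL)) != 0)
        /* … unchanged: print message and exit (1) … */

      /* Any event on the fuse socket, including EOF or error, goes to the read path */
      if (pollfds[0].revents == 0)
        continue;
```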