| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2009 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 // The following is duplicated from base/linux_utils.cc. | |
| 6 // We shouldn't link against C++ code in a setuid binary. | |
| 7 | |
| 8 // Needed for O_DIRECTORY, must be defined before fcntl.h is included | |
| 9 // (and it can be included earlier than the explicit #include below | |
| 10 // in some versions of glibc). | |
| 11 #define _GNU_SOURCE | |
| 12 | |
| 13 #include "sandbox/linux/suid/linux_util.h" | |
| 14 | |
| 15 #include <dirent.h> | |
| 16 #include <errno.h> | |
| 17 #include <fcntl.h> | |
| 18 #include <limits.h> | |
| 19 #include <stdio.h> | |
| 20 #include <stdlib.h> | |
| 21 #include <string.h> | |
| 22 #include <sys/stat.h> | |
| 23 #include <sys/types.h> | |
| 24 #include <unistd.h> | |
| 25 | |
| 26 // expected prefix of the target of the /proc/self/fd/%d link for a socket | |
| 27 static const char kSocketLinkPrefix[] = "socket:["; | |
| 28 | |
| 29 // Parse a symlink in /proc/pid/fd/$x and return the inode number of the | |
| 30 // socket. | |
| 31 // inode_out: (output) set to the inode number on success | |
| 32 // path: e.g. /proc/1234/fd/5 (must be a UNIX domain socket descriptor) | |
| 33 static bool ProcPathGetInodeAt(ino_t* inode_out, | |
| 34 int base_dir_fd, | |
| 35 const char* path) { | |
| 36 // We also check that the path is relative. | |
| 37 if (!inode_out || !path || *path == '/') | |
| 38 return false; | |
| 39 char buf[256]; | |
| 40 const ssize_t n = readlinkat(base_dir_fd, path, buf, sizeof(buf) - 1); | |
| 41 if (n < 0) | |
| 42 return false; | |
| 43 buf[n] = 0; | |
| 44 | |
| 45 if (memcmp(kSocketLinkPrefix, buf, sizeof(kSocketLinkPrefix) - 1)) | |
| 46 return false; | |
| 47 | |
| 48 char* endptr = NULL; | |
| 49 errno = 0; | |
| 50 const unsigned long long int inode_ull = | |
| 51 strtoull(buf + sizeof(kSocketLinkPrefix) - 1, &endptr, 10); | |
| 52 if (inode_ull == ULLONG_MAX || !endptr || *endptr != ']' || errno != 0) | |
| 53 return false; | |
| 54 | |
| 55 *inode_out = inode_ull; | |
| 56 return true; | |
| 57 } | |
| 58 | |
| 59 static DIR* opendirat(int base_dir_fd, const char* name) { | |
| 60 // Also check that |name| is relative. | |
| 61 if (base_dir_fd < 0 || !name || *name == '/') | |
| 62 return NULL; | |
| 63 int new_dir_fd = openat(base_dir_fd, name, O_RDONLY | O_DIRECTORY); | |
| 64 if (new_dir_fd < 0) | |
| 65 return NULL; | |
| 66 | |
| 67 return fdopendir(new_dir_fd); | |
| 68 } | |
| 69 | |
| 70 bool FindProcessHoldingSocket(pid_t* pid_out, ino_t socket_inode) { | |
| 71 bool already_found = false; | |
| 72 | |
| 73 DIR* proc = opendir("/proc"); | |
| 74 if (!proc) | |
| 75 return false; | |
| 76 | |
| 77 const uid_t uid = getuid(); | |
| 78 struct dirent* dent; | |
| 79 while ((dent = readdir(proc))) { | |
| 80 char* endptr = NULL; | |
| 81 errno = 0; | |
| 82 const unsigned long int pid_ul = strtoul(dent->d_name, &endptr, 10); | |
| 83 if (pid_ul == ULONG_MAX || !endptr || *endptr || errno != 0) | |
| 84 continue; | |
| 85 | |
| 86 // We have this setuid code here because the zygote and its children have | |
| 87 // /proc/$pid/fd owned by root. While scanning through /proc, we add this | |
| 88 // extra check so users cannot accidentally gain information about other | |
| 89 // users' processes. To determine process ownership, we use the property | |
| 90 // that if user foo owns process N, then /proc/N is owned by foo. | |
| 91 int proc_pid_fd = -1; | |
| 92 { | |
| 93 char buf[256]; | |
| 94 struct stat statbuf; | |
| 95 snprintf(buf, sizeof(buf), "/proc/%lu", pid_ul); | |
| 96 proc_pid_fd = open(buf, O_RDONLY | O_DIRECTORY); | |
| 97 if (proc_pid_fd < 0) | |
| 98 continue; | |
| 99 if (fstat(proc_pid_fd, &statbuf) < 0 || uid != statbuf.st_uid) { | |
| 100 close(proc_pid_fd); | |
| 101 continue; | |
| 102 } | |
| 103 } | |
| 104 | |
| 105 DIR* fd = opendirat(proc_pid_fd, "fd"); | |
| 106 if (!fd) { | |
| 107 close(proc_pid_fd); | |
| 108 continue; | |
| 109 } | |
| 110 | |
| 111 while ((dent = readdir(fd))) { | |
| 112 char buf[256]; | |
| 113 int printed = snprintf(buf, sizeof(buf), "fd/%s", dent->d_name); | |
| 114 if (printed < 0 || printed >= (int)(sizeof(buf) - 1)) { | |
| 115 continue; | |
| 116 } | |
| 117 | |
| 118 ino_t fd_inode; | |
| 119 if (ProcPathGetInodeAt(&fd_inode, proc_pid_fd, buf)) { | |
| 120 if (fd_inode == socket_inode) { | |
| 121 if (already_found) { | |
| 122 closedir(fd); | |
| 123 close(proc_pid_fd); | |
| 124 closedir(proc); | |
| 125 return false; | |
| 126 } | |
| 127 | |
| 128 already_found = true; | |
| 129 *pid_out = pid_ul; | |
| 130 break; | |
| 131 } | |
| 132 } | |
| 133 } | |
| 134 closedir(fd); | |
| 135 close(proc_pid_fd); | |
| 136 } | |
| 137 closedir(proc); | |
| 138 | |
| 139 return already_found; | |
| 140 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 569533002:
Remove --find-inode-switch hack from chrome-sandbox (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master