author | Umang Jain <umang@endlessm.com> | 2019-02-28 17:38:08 +0530 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2019-04-09 09:18:15 +0000 |
commit | cd53f71f9e2fdb68b9c4dbb44309dc0424daebda (patch) | |
tree | d9c10ac4f7b2a9cc02e2675cbf75d4f87423efc8 /revokefs | |
parent | c9d0705ae9fd45d627a4c1167289f3a6a9a722dc (diff) | |
download | flatpak-cd53f71f9e2fdb68b9c4dbb44309dc0424daebda.tar.gz |
revokefs-fuse: Add --with-exit-fd arg to monitor parent process's exit
This is necessary so as to not leave the revokefs backend around
when the system-helper exits abruptly (e.g. OOM killer). It would
be a vulnerability if revokefs backend continues to live even after
the system-helper is killed as it might lead to write access to the
underlying directory.
Closes: #2657
Approved by: alexlarsson
Diffstat (limited to 'revokefs')
-rw-r--r-- | revokefs/main.c | 9 | ||||
-rw-r--r-- | revokefs/writer.c | 25 | ||||
-rw-r--r-- | revokefs/writer.h | 2 |
3 files changed, 31 insertions, 5 deletions
diff --git a/revokefs/main.c b/revokefs/main.c
index 401330d7..f0808f15 100644
--- a/revokefs/main.c
+++ b/revokefs/main.c
@@ -444,6 +444,7 @@ usage (const char *progname)
 " -h --help print help\n"
 " --socket=fd Pass in the socket fd\n"
 " --backend Run the backend instead of fuse\n"
+ " --exit-with-fd=fd With --backend, exit when the given file descriptor is closed\n"
 "\n", progname);
 }
@@ -478,6 +479,7 @@ revokefs_opt_proc (void *data,
 struct revokefs_config {
 int socket_fd;
+ int exit_with_fd;
 int backend;
 };
@@ -485,6 +487,7 @@ struct revokefs_config {
 static struct fuse_opt revokefs_opts[] = {
 REVOKEFS_OPT ("--socket=%i", socket_fd, -1),
+ REVOKEFS_OPT ("--exit-with-fd=%i", exit_with_fd, -1),
 REVOKEFS_OPT ("--backend", backend, 1),
 FUSE_OPT_KEY ("-h", KEY_HELP),
@@ -497,7 +500,7 @@ main (int argc, char *argv[])
 {
 struct fuse_args args = FUSE_ARGS_INIT (argc, argv);
 int res;
- struct revokefs_config conf = { -1 };
+ struct revokefs_config conf = { -1, -1 };
 res = fuse_opt_parse (&args, &conf, revokefs_opts, revokefs_opt_proc);
 if (res != 0)
@@ -529,7 +532,7 @@ main (int argc, char *argv[])
 exit (EXIT_FAILURE);
 }
- do_writer (basefd, conf.socket_fd);
+ do_writer (basefd, conf.socket_fd, conf.exit_with_fd);
 exit (0);
 }
@@ -559,7 +562,7 @@ main (int argc, char *argv[])
 {
 /* writer process */
 close (sockets[0]);
- do_writer (basefd, sockets[1]);
+ do_writer (basefd, sockets[1], -1);
 exit (0);
 }
diff --git a/revokefs/writer.c b/revokefs/writer.c
index fc31bae7..2a297d0b 100644
--- a/revokefs/writer.c
+++ b/revokefs/writer.c
@@ -32,6 +32,7 @@
 #include <sys/xattr.h>
 #include <dirent.h>
 #include <unistd.h>
+#include <poll.h>
 #include <fuse.h>
 #include <glib.h>
@@ -759,7 +760,8 @@ request_access (int writer_socket, const char *path, int mode)
 void
 do_writer (int basefd_arg,
- int fuse_socket)
+ int fuse_socket,
+ int exit_with_fd)
 {
 guchar request_buffer[MAX_REQUEST_SIZE];
 RevokefsRequest *request = (RevokefsRequest *)&request_buffer;
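Review bot: In revokefs/main.c the value of `--exit-with-fd` is never validated: the backend branch of main() passes `conf.exit_with_fd` straight to do_writer(), while the `/* writer process */` branch hard-codes `-1`, so the option appears to be silently ignored when given without `--backend`. Because -1 doubles as the "disabled" default and do_writer() only polls the fd when `exit_with_fd >= 0`, any negative value turns the parent-exit monitoring off without a diagnostic. The commit message describes a surviving backend as a vulnerability, so failing closed seems preferable, e.g. `if (conf.exit_with_fd != -1 && (!conf.backend || conf.exit_with_fd < 0)) { usage (argv[0]); exit (EXIT_FAILURE); }` after option parsing. main() starts and ends outside these hunks, so the exact placement needs confirming against the full file.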
@@ -773,6 +775,27 @@ do_writer (int basefd_arg,
 {
 ssize_t data_size, size;
 ssize_t response_data_size, response_size, written_size;
+ int res;
+ struct pollfd pollfds[2] = {
+ {fuse_socket, POLLIN, 0 },
+ {exit_with_fd, POLLIN, 0 },
+ };
+
+ res = poll(pollfds, exit_with_fd >= 0 ? 2 : 1, -1);
+ if (res < 0)
+ {
+ perror ("Got error polling sockets: ");
+ exit (1);
+ }
+
+ if (exit_with_fd >= 0 && (pollfds[1].revents & (POLLERR|POLLHUP)) != 0)
+ {
+ g_printerr ("Received EOF on exit-with-fd argument");
+ exit (1);
+ }
+
+ if (pollfds[0].revents & POLLIN == 0)
+ continue;
 size = TEMP_FAILURE_RETRY (read (fuse_socket, request_buffer, sizeof (request_buffer)));
 if (size == -1)
diff --git a/revokefs/writer.h b/revokefs/writer.h
index 46a0be17..0131eaa4 100644
--- a/revokefs/writer.h
+++ b/revokefs/writer.h
@@ -39,7 +39,7 @@ int request_fsync (int writer_socket, int fd);
 int request_close (int writer_socket, int fd);
 int request_access (int writer_socket, const char *path, int mode);
-void do_writer (int basefd, int socket);
+void do_writer (int basefd, int socket, int exit_with_fd);
 typedef enum { |
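Review bot: The last added test in do_writer()'s loop, `if (pollfds[0].revents & POLLIN == 0)`, never takes the `continue`, because `==` binds tighter than `&` and the expression is `revents & (POLLIN == 0)`, which is always 0; it should read `if ((pollfds[0].revents & POLLIN) == 0)`. As written, a wakeup caused only by the exit fd that is not POLLERR/POLLHUP falls through to the blocking `read (fuse_socket, ...)`, and while that read blocks the exit fd is no longer watched. The mask tested on `pollfds[1]` also omits POLLNVAL, so an fd that is already closed or invalid is never treated as parent exit; `(POLLERR|POLLHUP|POLLNVAL)` would cover that case. `poll` is not wrapped in `TEMP_FAILURE_RETRY` the way the `read` below it is, so an interrupting signal (EINTR) makes the backend exit with status 1. The loop enclosing these lines starts and ends outside the hunk.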