|
|
5b8176 |
From fd4405b763d26649339069532e79bd45013c8c38 Mon Sep 17 00:00:00 2001
|
|
|
5b8176 |
From: Tomas Mraz <tmraz@fedoraproject.org>
|
|
|
5b8176 |
Date: Mon, 20 Jan 2020 13:58:07 +0100
|
|
|
5b8176 |
Subject: [PATCH] Do not mistake a regular user process for a namespaced one
|
|
|
5b8176 |
|
|
|
5b8176 |
In case there is a regular user with a process running on a system
|
|
|
5b8176 |
with uid falling into a namespaced uid range of another user.
|
|
|
5b8176 |
The user with the colliding namespaced uid range will not be
|
|
|
5b8176 |
allowed to be deleted without forcing the action with -f.
|
|
|
5b8176 |
|
|
|
5b8176 |
The user_busy() is adjusted to check whether the suspected process
|
|
|
5b8176 |
is really a namespaced process in a different namespace.
|
|
|
5b8176 |
---
|
|
|
5b8176 |
libmisc/user_busy.c | 44 ++++++++++++++++++++++++++++++++++++--------
|
|
|
5b8176 |
1 file changed, 36 insertions(+), 8 deletions(-)
|
|
|
5b8176 |
|
|
|
5b8176 |
diff --git a/libmisc/user_busy.c b/libmisc/user_busy.c
|
|
|
5b8176 |
index b0867568..324bb946 100644
|
|
|
5b8176 |
--- a/libmisc/user_busy.c
|
|
|
5b8176 |
+++ b/libmisc/user_busy.c
|
|
|
5b8176 |
@@ -39,6 +39,7 @@
|
|
|
5b8176 |
#include <sys/types.h>
|
|
|
5b8176 |
#include <dirent.h>
|
|
|
5b8176 |
#include <fcntl.h>
|
|
|
5b8176 |
+#include <unistd.h>
|
|
|
5b8176 |
#include "defines.h"
|
|
|
5b8176 |
#include "prototypes.h"
|
|
|
5b8176 |
#ifdef ENABLE_SUBIDS
|
|
|
5b8176 |
@@ -106,6 +107,31 @@ static int user_busy_utmp (const char *name)
|
|
|
5b8176 |
#endif /* !__linux__ */
|
|
|
5b8176 |
|
|
|
5b8176 |
#ifdef __linux__
|
|
|
5b8176 |
+#ifdef ENABLE_SUBIDS
|
|
|
5b8176 |
+#define in_parentuid_range(uid) ((uid) >= parentuid && (uid) < parentuid + range)
|
|
|
5b8176 |
+static int different_namespace (const char *sname)
|
|
|
5b8176 |
+{
|
|
|
5b8176 |
+ /* 41: /proc/xxxxxxxxxx/task/xxxxxxxxxx/ns/user + \0 */
|
|
|
5b8176 |
+ char path[41];
|
|
|
5b8176 |
+ char buf[512], buf2[512];
|
|
|
5b8176 |
+ ssize_t llen1, llen2;
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+ snprintf (path, 41, "/proc/%s/ns/user", sname);
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+ if ((llen1 = readlink (path, buf, sizeof(buf))) == -1)
|
|
|
5b8176 |
+ return 0;
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+ if ((llen2 = readlink ("/proc/self/ns/user", buf2, sizeof(buf2))) == -1)
|
|
|
5b8176 |
+ return 0;
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+ if (llen1 == llen2 && memcmp (buf, buf2, llen1) == 0)
|
|
|
5b8176 |
+ return 0; /* same namespace */
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+ return 1;
|
|
|
5b8176 |
+}
|
|
|
5b8176 |
+#endif /* ENABLE_SUBIDS */
|
|
|
5b8176 |
+
|
|
|
5b8176 |
+
|
|
|
5b8176 |
static int check_status (const char *name, const char *sname, uid_t uid)
|
|
|
5b8176 |
{
|
|
|
5b8176 |
/* 40: /proc/xxxxxxxxxx/task/xxxxxxxxxx/status + \0 */
|
|
|
5b8176 |
@@ -114,7 +140,6 @@ static int check_status (const char *name, const char *sname, uid_t uid)
|
|
|
5b8176 |
FILE *sfile;
|
|
|
5b8176 |
|
|
|
5b8176 |
snprintf (status, 40, "/proc/%s/status", sname);
|
|
|
5b8176 |
- status[39] = '\0';
|
|
|
5b8176 |
|
|
|
5b8176 |
sfile = fopen (status, "r");
|
|
|
5b8176 |
if (NULL == sfile) {
|
|
|
5b8176 |
@@ -123,26 +148,29 @@ static int check_status (const char *name, const char *sname, uid_t uid)
|
|
|
5b8176 |
while (fgets (line, sizeof (line), sfile) == line) {
|
|
|
5b8176 |
if (strncmp (line, "Uid:\t", 5) == 0) {
|
|
|
5b8176 |
unsigned long ruid, euid, suid;
|
|
|
5b8176 |
+
|
|
|
5b8176 |
assert (uid == (unsigned long) uid);
|
|
|
5b8176 |
+ (void) fclose (sfile);
|
|
|
5b8176 |
if (sscanf (line,
|
|
|
5b8176 |
"Uid:\t%lu\t%lu\t%lu\n",
|
|
|
5b8176 |
&ruid, &euid, &suid) == 3) {
|
|
|
5b8176 |
if ( (ruid == (unsigned long) uid)
|
|
|
5b8176 |
|| (euid == (unsigned long) uid)
|
|
|
5b8176 |
- || (suid == (unsigned long) uid)
|
|
|
5b8176 |
+ || (suid == (unsigned long) uid) ) {
|
|
|
5b8176 |
+ return 1;
|
|
|
5b8176 |
+ }
|
|
|
5b8176 |
#ifdef ENABLE_SUBIDS
|
|
|
5b8176 |
- || have_sub_uids(name, ruid, 1)
|
|
|
5b8176 |
- || have_sub_uids(name, euid, 1)
|
|
|
5b8176 |
- || have_sub_uids(name, suid, 1)
|
|
|
5b8176 |
-#endif /* ENABLE_SUBIDS */
|
|
|
5b8176 |
+ if ( different_namespace (sname)
|
|
|
5b8176 |
+ && ( have_sub_uids(name, ruid, 1)
|
|
|
5b8176 |
+ || have_sub_uids(name, euid, 1)
|
|
|
5b8176 |
+ || have_sub_uids(name, suid, 1))
|
|
|
5b8176 |
) {
|
|
|
5b8176 |
- (void) fclose (sfile);
|
|
|
5b8176 |
return 1;
|
|
|
5b8176 |
}
|
|
|
5b8176 |
+#endif /* ENABLE_SUBIDS */
|
|
|
5b8176 |
} else {
|
|
|
5b8176 |
/* Ignore errors. This is just a best effort. */
|
|
|
5b8176 |
}
|
|
|
5b8176 |
- (void) fclose (sfile);
|
|
|
5b8176 |
return 0;
|
|
|
5b8176 |
}
|
|
|
5b8176 |
}
|
|
|
5b8176 |
--
|
|
|
5b8176 |
2.25.2
|
|
|
5b8176 |
|