Blame SOURCES/0147-include-debug-don-t-print-pointer-address-for-SUID-p.patch

5f5089
From 3fcd52706b6818e785a104ed6c4f2b46e5d1ab2f Mon Sep 17 00:00:00 2001
5f5089
From: Karel Zak <kzak@redhat.com>
5f5089
Date: Fri, 12 Jan 2018 11:01:26 +0100
5f5089
Subject: [PATCH] include/debug: don't print pointer address for SUID programs
5f5089
5f5089
* introduce new flag __UL_DEBUG_FL_NOADDR to suppress pointer address printing
5f5089
  (and MNT_DEBUG_FL_NOADDR for libmount)
5f5089
5f5089
* use __UL_DEBUG_FL_NOADDR when SUID
5f5089
5f5089
* move ul_debugobj() to debugobj.h, and require UL_DEBUG_CURRENT_MASK
5f5089
  to provide access to the current mask from ul_debugobj(). It's better
5f5089
  than modify all ul_debugobj() calls and use the global mask as
5f5089
  argument.
5f5089
5f5089
* remove never used UL_DEBUG_DEFINE_FLAG
5f5089
5f5089
* remove %p from another libmount and libblkid debug messages
5f5089
5f5089
Upstream: http://github.com/karelzak/util-linux/commit/6d00cfb2330cb47d00d350eedfbffbbf5991a743
5f5089
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1534893
5f5089
Reported-by: halfdog <me@halfdog.net>
5f5089
Signed-off-by: Karel Zak <kzak@redhat.com>
5f5089
---
5f5089
 include/Makemodule.am                |  2 ++
5f5089
 include/debug.h                      | 29 +++++++++++------------------
5f5089
 include/debugobj.h                   | 22 ++++++++++++++++++++++
5f5089
 lib/loopdev.c                        |  2 +-
5f5089
 libblkid/src/partitions/partitions.c | 20 ++++++++++----------
5f5089
 libblkid/src/probe.c                 | 21 ++++++++++-----------
5f5089
 libmount/src/fs.c                    |  2 +-
5f5089
 libmount/src/init.c                  |  5 +++++
5f5089
 libmount/src/mountP.h                |  4 +++-
5f5089
 libmount/src/tab_diff.c              |  6 +++---
5f5089
 libmount/src/tab_update.c            |  4 ++--
5f5089
 libsmartcols/src/smartcolsP.h        |  3 +++
5f5089
 sys-utils/lsns.c                     |  3 +++
5f5089
 13 files changed, 76 insertions(+), 47 deletions(-)
5f5089
 create mode 100644 include/debugobj.h
5f5089
5f5089
diff --git a/include/Makemodule.am b/include/Makemodule.am
5f5089
index 168029683..bd4aa8cea 100644
5f5089
--- a/include/Makemodule.am
5f5089
+++ b/include/Makemodule.am
5f5089
@@ -11,6 +11,8 @@ dist_noinst_HEADERS += \
5f5089
 	include/colors.h \
5f5089
 	include/cpuset.h \
5f5089
 	include/crc32.h \
5f5089
+	include/debug.h \
5f5089
+	include/debugobj.h \
5f5089
 	include/env.h \
5f5089
 	include/exec_shell.h \
5f5089
 	include/exitcodes.h \
5f5089
diff --git a/include/debug.h b/include/debug.h
5f5089
index 848e47456..1c7ed8037 100644
5f5089
--- a/include/debug.h
5f5089
+++ b/include/debug.h
5f5089
@@ -13,12 +13,15 @@
5f5089
 struct dbg_mask { char *mname; int val; };
5f5089
 #define UL_DEBUG_EMPTY_MASKNAMES {{ NULL, 0 }}
5f5089
 
5f5089
-#define UL_DEBUG_DEFINE_MASK(m) int m ## _debug_mask
5f5089
+#define UL_DEBUG_MASK(m)         m ## _debug_mask
5f5089
+#define UL_DEBUG_DEFINE_MASK(m)  int UL_DEBUG_MASK(m)
5f5089
 #define UL_DEBUG_DECLARE_MASK(m) extern UL_DEBUG_DEFINE_MASK(m)
5f5089
 #define UL_DEBUG_DEFINE_MASKNAMES(m) static const struct dbg_mask m ## _masknames[]
5f5089
 
5f5089
-/* p - flag prefix, m - flag postfix */
5f5089
-#define UL_DEBUG_DEFINE_FLAG(p, m) p ## m
5f5089
+/*
5f5089
+ * Internal mask flags (above 0xffffff)
5f5089
+ */
5f5089
+#define __UL_DEBUG_FL_NOADDR   (1 << 24)       /* Don't print object address */
5f5089
 
5f5089
 /* l - library name, p - flag prefix, m - flag postfix, x - function */
5f5089
 #define __UL_DBG(l, p, m, x) \
5f5089
@@ -55,6 +58,10 @@ struct dbg_mask { char *mname; int val; };
5f5089
 				lib ## _debug_mask = parse_envmask(lib ## _masknames, str); \
5f5089
 		} else \
5f5089
 			lib ## _debug_mask = mask; \
5f5089
+		if (lib ## _debug_mask) { \
5f5089
+			if (getuid() != geteuid() || getgid() != getegid()) \
5f5089
+				lib ## _debug_mask |= __UL_DEBUG_FL_NOADDR; \
5f5089
+		} \
5f5089
 		lib ## _debug_mask |= pref ## INIT; \
5f5089
 		if (lib ## _debug_mask != pref ## INIT) { \
5f5089
 			__UL_DBG(lib, pref, INIT, ul_debug("library debug mask: 0x%04x", \
5f5089
@@ -72,21 +79,7 @@ ul_debug(const char *mesg, ...)
5f5089
 	va_end(ap);
5f5089
 	fputc('\n', stderr);
5f5089
 }
5f5089
-
5f5089
-static inline void __attribute__ ((__format__ (__printf__, 2, 3)))
5f5089
-ul_debugobj(void *handler, const char *mesg, ...)
5f5089
-{
5f5089
-	va_list ap;
5f5089
-
5f5089
-	if (handler)
5f5089
-		fprintf(stderr, "[%p]: ", handler);
5f5089
-	va_start(ap, mesg);
5f5089
-	vfprintf(stderr, mesg, ap);
5f5089
-	va_end(ap);
5f5089
-	fputc('\n', stderr);
5f5089
-}
5f5089
-
5f5089
-static inline int parse_envmask(const struct dbg_mask const flagnames[],
5f5089
+static inline int parse_envmask(const struct dbg_mask flagnames[],
5f5089
 				const char *mask)
5f5089
 {
5f5089
 	int res;
5f5089
diff --git a/include/debugobj.h b/include/debugobj.h
5f5089
new file mode 100644
5f5089
index 000000000..73b70b8df
5f5089
--- /dev/null
5f5089
+++ b/include/debugobj.h
5f5089
@@ -0,0 +1,22 @@
5f5089
+#ifndef UTIL_LINUX_DEBUGOBJ_H
5f5089
+#define UTIL_LINUX_DEBUGOBJ_H
5f5089
+
5f5089
+/*
5f5089
+ * Include *after* debug.h and after UL_DEBUG_CURRENT_MASK define.
5f5089
+ */
5f5089
+
5f5089
+static inline void __attribute__ ((__format__ (__printf__, 2, 3)))
5f5089
+ul_debugobj(const void *handler, const char *mesg, ...)
5f5089
+{
5f5089
+	va_list ap;
5f5089
+
5f5089
+	if (handler && !(UL_DEBUG_CURRENT_MASK & __UL_DEBUG_FL_NOADDR))
5f5089
+		fprintf(stderr, "[%p]: ", handler);
5f5089
+
5f5089
+	va_start(ap, mesg);
5f5089
+	vfprintf(stderr, mesg, ap);
5f5089
+	va_end(ap);
5f5089
+	fputc('\n', stderr);
5f5089
+}
5f5089
+
5f5089
+#endif /* UTIL_LINUX_DEBUGOBJ_H */
5f5089
diff --git a/lib/loopdev.c b/lib/loopdev.c
5f5089
index db5463698..daf0a81e8 100644
5f5089
--- a/lib/loopdev.c
5f5089
+++ b/lib/loopdev.c
5f5089
@@ -50,7 +50,7 @@
5f5089
 
5f5089
 # define DBG(l,x)	do { \
5f5089
 				if ((l)->debug) {\
5f5089
-					fprintf(stderr, "loopdev:  [%p]: ", (l)); \
5f5089
+					fprintf(stderr, "loopdev: "); \
5f5089
 					x; \
5f5089
 				} \
5f5089
 			} while(0)
5f5089
diff --git a/libblkid/src/partitions/partitions.c b/libblkid/src/partitions/partitions.c
5f5089
index 9d846ff85..2d0d70d81 100644
5f5089
--- a/libblkid/src/partitions/partitions.c
5f5089
+++ b/libblkid/src/partitions/partitions.c
5f5089
@@ -381,8 +381,8 @@ static blkid_partlist partitions_init_data(struct blkid_chain *chn)
5f5089
 
5f5089
 	reset_partlist(ls);
5f5089
 
5f5089
-	DBG(LOWPROBE, blkid_debug("parts: initialized partitions list (%p, size=%d)",
5f5089
-		ls, ls->nparts_max));
5f5089
+	DBG(LOWPROBE, blkid_debug("parts: initialized partitions list (size=%d)",
5f5089
+		ls->nparts_max));
5f5089
 	return ls;
5f5089
 }
5f5089
 
5f5089
@@ -417,7 +417,7 @@ blkid_parttable blkid_partlist_new_parttable(blkid_partlist ls,
5f5089
 	list_add_tail(&tab->t_tabs, &ls->l_tabs);
5f5089
 
5f5089
 	DBG(LOWPROBE, blkid_debug("parts: create a new partition table "
5f5089
-		       "(%p, type=%s, offset=%"PRId64")", tab, type, offset));
5f5089
+		       "(type=%s, offset=%"PRId64")", type, offset));
5f5089
 	return tab;
5f5089
 }
5f5089
 
5f5089
@@ -458,9 +458,9 @@ blkid_partition blkid_partlist_add_partition(blkid_partlist ls,
5f5089
 	par->start = start;
5f5089
 	par->size = size;
5f5089
 
5f5089
-	DBG(LOWPROBE, blkid_debug("parts: add partition (%p start=%"
5f5089
-		PRId64 ", size=%" PRId64 ", table=%p)",
5f5089
-		par, par->start, par->size, tab));
5f5089
+	DBG(LOWPROBE, blkid_debug("parts: add partition (start=%"
5f5089
+		PRId64 ", size=%" PRId64 ")",
5f5089
+		par->start, par->size));
5f5089
 	return par;
5f5089
 }
5f5089
 
5f5089
@@ -662,8 +662,8 @@ int blkid_partitions_do_subprobe(blkid_probe pr, blkid_partition parent,
5f5089
 	blkid_loff_t sz, off;
5f5089
 
5f5089
 	DBG(LOWPROBE, blkid_debug(
5f5089
-		"parts: ----> %s subprobe requested (parent=%p)",
5f5089
-		id->name, parent));
5f5089
+		"parts: ----> %s subprobe requested)",
5f5089
+		id->name));
5f5089
 
5f5089
 	if (!pr || !parent || !parent->size)
5f5089
 		return -EINVAL;
5f5089
@@ -709,8 +709,8 @@ int blkid_partitions_do_subprobe(blkid_probe pr, blkid_partition parent,
5f5089
 	blkid_free_probe(prc);	/* free cloned prober */
5f5089
 
5f5089
 	DBG(LOWPROBE, blkid_debug(
5f5089
-		"parts: <---- %s subprobe done (parent=%p, rc=%d)",
5f5089
-		id->name, parent, rc));
5f5089
+		"parts: <---- %s subprobe done (rc=%d)",
5f5089
+		id->name, rc));
5f5089
 
5f5089
 	return rc;
5f5089
 }
5f5089
diff --git a/libblkid/src/probe.c b/libblkid/src/probe.c
5f5089
index 9cf099ae4..07b08441f 100644
5f5089
--- a/libblkid/src/probe.c
5f5089
+++ b/libblkid/src/probe.c
5f5089
@@ -145,7 +145,7 @@ blkid_probe blkid_new_probe(void)
5f5089
 	if (!pr)
5f5089
 		return NULL;
5f5089
 
5f5089
-	DBG(LOWPROBE, blkid_debug("allocate a new probe %p", pr));
5f5089
+	DBG(LOWPROBE, blkid_debug("allocate a new probe"));
5f5089
 
5f5089
 	/* initialize chains */
5f5089
 	for (i = 0; i < BLKID_NCHAINS; i++) {
5f5089
@@ -260,7 +260,7 @@ void blkid_free_probe(blkid_probe pr)
5f5089
 	blkid_probe_reset_buffer(pr);
5f5089
 	blkid_free_probe(pr->disk_probe);
5f5089
 
5f5089
-	DBG(LOWPROBE, blkid_debug("free probe %p", pr));
5f5089
+	DBG(LOWPROBE, blkid_debug("free probe"));
5f5089
 	free(pr);
5f5089
 }
5f5089
 
5f5089
@@ -552,8 +552,8 @@ unsigned char *blkid_probe_get_buffer(blkid_probe pr,
5f5089
 				list_entry(p, struct blkid_bufinfo, bufs);
5f5089
 
5f5089
 		if (x->off <= off && off + len <= x->off + x->len) {
5f5089
-			DBG(LOWPROBE, blkid_debug("\treuse buffer: off=%jd len=%jd pr=%p",
5f5089
-							x->off, x->len, pr));
5f5089
+			DBG(LOWPROBE, blkid_debug("\treuse buffer: off=%jd len=%jd",
5f5089
+							x->off, x->len));
5f5089
 			bf = x;
5f5089
 			break;
5f5089
 		}
5f5089
@@ -584,8 +584,8 @@ unsigned char *blkid_probe_get_buffer(blkid_probe pr,
5f5089
 		bf->off = off;
5f5089
 		INIT_LIST_HEAD(&bf->bufs);
5f5089
 
5f5089
-		DBG(LOWPROBE, blkid_debug("\tbuffer read: off=%jd len=%jd pr=%p",
5f5089
-				off, len, pr));
5f5089
+		DBG(LOWPROBE, blkid_debug("\tbuffer read: off=%jd len=%jd",
5f5089
+				off, len));
5f5089
 
5f5089
 		ret = read(pr->fd, bf->data, len);
5f5089
 		if (ret != (ssize_t) len) {
5f5089
@@ -609,7 +609,7 @@ static void blkid_probe_reset_buffer(blkid_probe pr)
5f5089
 	if (!pr || list_empty(&pr->buffers))
5f5089
 		return;
5f5089
 
5f5089
-	DBG(LOWPROBE, blkid_debug("reseting probing buffers pr=%p", pr));
5f5089
+	DBG(LOWPROBE, blkid_debug("reseting probing buffers"));
5f5089
 
5f5089
 	while (!list_empty(&pr->buffers)) {
5f5089
 		struct blkid_bufinfo *bf = list_entry(pr->buffers.next,
5f5089
@@ -766,9 +766,8 @@ int blkid_probe_set_dimension(blkid_probe pr,
5f5089
 		return -1;
5f5089
 
5f5089
 	DBG(LOWPROBE, blkid_debug(
5f5089
-		"changing probing area pr=%p: size=%llu, off=%llu "
5f5089
+		"changing probing area: size=%llu, off=%llu "
5f5089
 		"-to-> size=%llu, off=%llu",
5f5089
-		pr,
5f5089
 		(unsigned long long) pr->size,
5f5089
 		(unsigned long long) pr->off,
5f5089
 		(unsigned long long) size,
5f5089
@@ -840,7 +839,7 @@ int blkid_probe_get_idmag(blkid_probe pr, const struct blkid_idinfo *id,
5f5089
 static inline void blkid_probe_start(blkid_probe pr)
5f5089
 {
5f5089
 	if (pr) {
5f5089
-		DBG(LOWPROBE, blkid_debug("%p: start probe", pr));
5f5089
+		DBG(LOWPROBE, blkid_debug("start probe"));
5f5089
 		pr->cur_chain = NULL;
5f5089
 		pr->prob_flags = 0;
5f5089
 		blkid_probe_set_wiper(pr, 0, 0);
5f5089
@@ -850,7 +849,7 @@ static inline void blkid_probe_start(blkid_probe pr)
5f5089
 static inline void blkid_probe_end(blkid_probe pr)
5f5089
 {
5f5089
 	if (pr) {
5f5089
-		DBG(LOWPROBE, blkid_debug("%p: end probe", pr));
5f5089
+		DBG(LOWPROBE, blkid_debug("end probe"));
5f5089
 		pr->cur_chain = NULL;
5f5089
 		pr->prob_flags = 0;
5f5089
 		blkid_probe_set_wiper(pr, 0, 0);
5f5089
diff --git a/libmount/src/fs.c b/libmount/src/fs.c
5f5089
index 75e3bbb26..e46ee0c0e 100644
5f5089
--- a/libmount/src/fs.c
5f5089
+++ b/libmount/src/fs.c
5f5089
@@ -1451,7 +1451,7 @@ int mnt_fs_print_debug(struct libmnt_fs *fs, FILE *file)
5f5089
 {
5f5089
 	if (!fs || !file)
5f5089
 		return -EINVAL;
5f5089
-	fprintf(file, "------ fs: %p\n", fs);
5f5089
+	fprintf(file, "------ fs\n");
5f5089
 	fprintf(file, "source: %s\n", mnt_fs_get_source(fs));
5f5089
 	fprintf(file, "target: %s\n", mnt_fs_get_target(fs));
5f5089
 	fprintf(file, "fstype: %s\n", mnt_fs_get_fstype(fs));
5f5089
diff --git a/libmount/src/init.c b/libmount/src/init.c
5f5089
index 4e5f489c4..e5e6925f5 100644
5f5089
--- a/libmount/src/init.c
5f5089
+++ b/libmount/src/init.c
5f5089
@@ -38,6 +38,11 @@ void mnt_init_debug(int mask)
5f5089
 	} else
5f5089
 		libmount_debug_mask = mask;
5f5089
 
5f5089
+	if (libmount_debug_mask) {
5f5089
+		if (getuid() != geteuid() || getgid() != getegid())
5f5089
+			libmount_debug_mask |= MNT_DEBUG_FL_NOADDR;
5f5089
+	}
5f5089
+
5f5089
 	libmount_debug_mask |= MNT_DEBUG_INIT;
5f5089
 
5f5089
 	if (libmount_debug_mask && libmount_debug_mask != MNT_DEBUG_INIT) {
5f5089
diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
5f5089
index 8b3f92e17..dc3ed3f49 100644
5f5089
--- a/libmount/src/mountP.h
5f5089
+++ b/libmount/src/mountP.h
5f5089
@@ -51,6 +51,8 @@
5f5089
 #define MNT_DEBUG_DIFF		(1 << 11)
5f5089
 #define MNT_DEBUG_ALL		0xFFFF
5f5089
 
5f5089
+#define MNT_DEBUG_FL_NOADDR	(1 << 24)
5f5089
+
5f5089
 #ifdef CONFIG_LIBMOUNT_DEBUG
5f5089
 # include <stdio.h>
5f5089
 # include <stdarg.h>
5f5089
@@ -91,7 +93,7 @@ mnt_debug_h(void *handler, const char *mesg, ...)
5f5089
 {
5f5089
 	va_list ap;
5f5089
 
5f5089
-	if (handler)
5f5089
+	if (handler && !(libmount_debug_mask & MNT_DEBUG_FL_NOADDR))
5f5089
 		fprintf(stderr, "[%p]: ", handler);
5f5089
 	va_start(ap, mesg);
5f5089
 	vfprintf(stderr, mesg, ap);
5f5089
diff --git a/libmount/src/tab_diff.c b/libmount/src/tab_diff.c
5f5089
index f01f889f8..0a69f402c 100644
5f5089
--- a/libmount/src/tab_diff.c
5f5089
+++ b/libmount/src/tab_diff.c
5f5089
@@ -229,9 +229,9 @@ int mnt_diff_tables(struct libmnt_tabdiff *df, struct libmnt_table *old_tab,
5f5089
 	if (!no && !nn)			/* both tables are empty */
5f5089
 		return 0;
5f5089
 
5f5089
-	DBG(DIFF, mnt_debug_h(df, "analyze new=%p (%d entries), "
5f5089
-				          "old=%p (%d entries)",
5f5089
-				new_tab, nn, old_tab, no));
5f5089
+	DBG(DIFF, mnt_debug_h(df, "analyze new (%d entries), "
5f5089
+				          "old (%d entries)",
5f5089
+				nn, no));
5f5089
 
5f5089
 	mnt_reset_iter(&itr, MNT_ITER_FORWARD);
5f5089
 
5f5089
diff --git a/libmount/src/tab_update.c b/libmount/src/tab_update.c
5f5089
index 5f503cad7..b45c4a92c 100644
5f5089
--- a/libmount/src/tab_update.c
5f5089
+++ b/libmount/src/tab_update.c
5f5089
@@ -173,8 +173,8 @@ int mnt_update_set_fs(struct libmnt_update *upd, unsigned long mountflags,
5f5089
 		return -EINVAL;
5f5089
 
5f5089
 	DBG(UPDATE, mnt_debug_h(upd,
5f5089
-			"resetting FS [fs=0x%p, target=%s, flags=0x%08lx]",
5f5089
-			fs, target, mountflags));
5f5089
+			"resetting FS [target=%s, flags=0x%08lx]",
5f5089
+			target, mountflags));
5f5089
 	if (fs) {
5f5089
 		DBG(UPDATE, mnt_debug_h(upd, "FS template:"));
5f5089
 		DBG(UPDATE, mnt_fs_print_debug(fs, stderr));
5f5089
diff --git a/libsmartcols/src/smartcolsP.h b/libsmartcols/src/smartcolsP.h
5f5089
index 28246c14f..cea4f3101 100644
5f5089
--- a/libsmartcols/src/smartcolsP.h
5f5089
+++ b/libsmartcols/src/smartcolsP.h
5f5089
@@ -43,6 +43,9 @@ UL_DEBUG_DECLARE_MASK(libsmartcols);
5f5089
 #define ON_DBG(m, x)	__UL_DBG_CALL(libsmartcols, SCOLS_DEBUG_, m, x)
5f5089
 #define DBG_FLUSH	__UL_DBG_FLUSH(libsmartcols, SCOLS_DEBUG_)
5f5089
 
5f5089
+#define UL_DEBUG_CURRENT_MASK  UL_DEBUG_MASK(libsmartcols)
5f5089
+#include "debugobj.h"
5f5089
+
5f5089
 /*
5f5089
  * Generic iterator
5f5089
  */
5f5089
diff --git a/sys-utils/lsns.c b/sys-utils/lsns.c
5f5089
index 5ee298172..fb53a16a4 100644
5f5089
--- a/sys-utils/lsns.c
5f5089
+++ b/sys-utils/lsns.c
5f5089
@@ -55,6 +55,9 @@ UL_DEBUG_DEFINE_MASKNAMES(lsns) = UL_DEBUG_EMPTY_MASKNAMES;
5f5089
 #define DBG(m, x)       __UL_DBG(lsns, LSNS_DEBUG_, m, x)
5f5089
 #define ON_DBG(m, x)    __UL_DBG_CALL(lsns, LSNS_DEBUG_, m, x)
5f5089
 
5f5089
+#define UL_DEBUG_CURRENT_MASK  UL_DEBUG_MASK(lsns)
5f5089
+#include "debugobj.h"
5f5089
+
5f5089
 struct idcache *uid_cache = NULL;
5f5089
 
5f5089
 /* column IDs */
5f5089
-- 
5f5089
2.13.6
5f5089