summaryrefslogtreecommitdiff
path: root/src/unistd/faccessat.c
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2013-08-03 03:16:24 -0400
committerRich Felker <dalias@aerifal.cx>2013-08-03 03:16:24 -0400
commit0a05eace163cee9b08571d2ff9d90f5e82d9c228 (patch)
treeda9d2dee9ac95bc75101e87cb300c77eff744bb8 /src/unistd/faccessat.c
parent89384f78ce79efba22ab3a77e50c3f2a95233f8c (diff)
downloadmusl-0a05eace163cee9b08571d2ff9d90f5e82d9c228.tar.gz
musl-0a05eace163cee9b08571d2ff9d90f5e82d9c228.tar.bz2
musl-0a05eace163cee9b08571d2ff9d90f5e82d9c228.tar.xz
musl-0a05eace163cee9b08571d2ff9d90f5e82d9c228.zip
fix faccessat to support AT_EACCESS flag
this is another case of the kernel syscall failing to support flags where it needs to, leading to horrible workarounds in userspace. this time the workaround requires changing uid/gid, and that's not safe to do in the current process. in the worst case, kernel resource limits might prevent recovering the original values, and then there would be no way to safely return. so, use the safe but horribly inefficient alternative: forking. clone is used instead of fork to suppress signals from the child. fortunately this worst-case code is only needed when effective and real ids mismatch, which mainly happens in suid programs.
Diffstat (limited to 'src/unistd/faccessat.c')
-rw-r--r--src/unistd/faccessat.c47
1 files changed, 46 insertions, 1 deletions
diff --git a/src/unistd/faccessat.c b/src/unistd/faccessat.c
index 1efbb778..0256d60f 100644
--- a/src/unistd/faccessat.c
+++ b/src/unistd/faccessat.c
@@ -1,7 +1,52 @@
#include <unistd.h>
+#include <fcntl.h>
#include "syscall.h"
+#include "pthread_impl.h"
+
+struct ctx {
+ int fd;
+ const char *filename;
+ int amode;
+ int p;
+};
+
+static int checker(void *p)
+{
+ struct ctx *c = p;
+ int ret;
+ if (__syscall(SYS_setgid, __syscall(SYS_getegid))
+ || __syscall(SYS_setuid, __syscall(SYS_geteuid)))
+ __syscall(SYS_exit, 1);
+ ret = __syscall(SYS_faccessat, c->fd, c->filename, c->amode, 0);
+ __syscall(SYS_write, c->p, &ret, sizeof ret);
+ __syscall(SYS_exit, 0);
+}
int faccessat(int fd, const char *filename, int amode, int flag)
{
- return syscall(SYS_faccessat, fd, filename, amode, flag);
+ if (!flag || (flag==AT_EACCESS && getuid()==geteuid() && getgid()==getegid()))
+ return syscall(SYS_faccessat, fd, filename, amode, flag);
+
+ if (flag != AT_EACCESS)
+ return __syscall_ret(-EINVAL);
+
+ char stack[1024];
+ sigset_t set;
+ int ret, p[2];
+
+ if (pipe(p)) return __syscall_ret(-EBUSY);
+ struct ctx c = { .fd = fd, .filename = filename, .amode = amode, .p = p[1] };
+
+ __block_app_sigs(&set);
+
+ ret = __clone(checker, stack+sizeof stack, 0, &c);
+ __syscall(SYS_close, p[1]);
+
+ if (ret<0 || __syscall(SYS_read, p[0], &ret, sizeof ret) != sizeof(ret))
+ ret = -EBUSY;
+ __syscall(SYS_close, p[0]);
+
+ __restore_sigs(&set);
+
+ return __syscall_ret(ret);
}