search for: do_usermodehelper_file

...ilian attems <max at stro.at> AuthorDate: Tue, 29 May 2012 18:58:31 +0200 Committer: maximilian attems <max at stro.at> CommitDate: Tue, 29 May 2012 19:03:08 +0200 [klibc] capabilities: Use fflush() instead of fseek() It shouldn't use stream I/O against a control device at all in do_usermodehelper_file(), as noted by hpa. Stylistically rewind seems cleaner, but fflush() has error checking. Reported-by: H. Peter Anvin <hpa at zytor.com> Signed-off-by: maximilian attems <max at stro.at> --- usr/kinit/capabilities.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff -...

...1) { + ret = prctl(PR_CAPBSET_DROP, cap_ordinal); + if (ret != 0) + fail("Error dropping capability %s from bset\n", + capabilities[cap_ordinal].cap_name); + } else if (ret < 0) + fail("Kernel doesn't recognize capability %d\n", cap_ordinal); +} + +static void do_usermodehelper_file(const char *filename, int cap_ordinal) +{ + uint32_t lo32, hi32; + FILE *file; + static const size_t buf_size = 80; + char buf[buf_size]; + char tail; + size_t bytes_read; + int ret; + + /* Try and open the file */ + file = fopen(filename, "r+"); + if (!file && errno == ENOENT) +...

...ax at stro.at> --- usr/kinit/capabilities.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/usr/kinit/capabilities.c b/usr/kinit/capabilities.c index eab4d93..c606144 100644 --- a/usr/kinit/capabilities.c +++ b/usr/kinit/capabilities.c @@ -167,6 +167,9 @@ static void do_usermodehelper_file(const char *filename, int cap_ordinal) hi32 &= ~(1 << (cap_ordinal - 32)); /* Commit the new bit masks to the kernel */ + ret = fseek(file, 0L, SEEK_SET); + if (ret != 0) + fail("Failed on file %s to seek %d\n", filename, ret); sprintf(buf, "%u %u", lo32, hi3...

...0701f6209 --- usr/kinit/capabilities.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/usr/kinit/capabilities.c b/usr/kinit/capabilities.c index e743a70fec0f..4e0456ee7407 100644 --- a/usr/kinit/capabilities.c +++ b/usr/kinit/capabilities.c @@ -172,9 +172,9 @@ static void do_usermodehelper_file(const char *filename, int cap_ordinal) ret = fflush(file); if (ret != 0) fail("Failed on file %s to fflush %d\n", filename, ret); - sprintf(buf, "%u %u", lo32, hi32); - ret = fwrite(buf, 1, strlen(buf) + 1, file); - if (ret != 0) + sprintf(buf, "%u %u\n", lo32,...

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by