summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorElena Reshetova <elena.reshetova@intel.com>2012-09-06 10:52:12 +0300
committerGui Chen <gui.chen@intel.com>2012-09-12 14:08:47 +0800
commit50f2248579aadb7f2d6be064c20f2f331149e2fe (patch)
tree0ba7443e76dd846bdb293a5b7287251514eb10fd
parentaa1b1a9d20a740415fe21b3baaa20d9bdbb64679 (diff)
downloadrpm-50f2248579aadb7f2d6be064c20f2f331149e2fe.tar.gz
rpm-50f2248579aadb7f2d6be064c20f2f331149e2fe.tar.bz2
rpm-50f2248579aadb7f2d6be064c20f2f331149e2fe.zip
Moving to use libmagic directly for file content check
-rw-r--r--packaging/rpm.changes4
-rw-r--r--packaging/rpm.spec1
-rw-r--r--packaging/security_4.9.1.patch73
3 files changed, 40 insertions, 38 deletions
diff --git a/packaging/rpm.changes b/packaging/rpm.changes
index 1563836..c5fac79 100644
--- a/packaging/rpm.changes
+++ b/packaging/rpm.changes
@@ -1,3 +1,7 @@
+* Thu Sep 6 2012 Elena Reshetova <elena.reshetova@intel.com> - 4.9.0
+- Changes to the security plugin
+ - Using libmagic instead of file utility to check file's content
+
* Wed Sep 5 2012 Elena Reshetova <elena.reshetova@intel.com> - 4.9.0
- Changes to the security plugin
- Removing the fopen check before setting xattr
diff --git a/packaging/rpm.spec b/packaging/rpm.spec
index cebe019..b83d13b 100644
--- a/packaging/rpm.spec
+++ b/packaging/rpm.spec
@@ -139,7 +139,6 @@ that are used to build packages using the RPM Package Manager.
Summary: MSM security plugin for rpm
Group: Development/Libraries
Requires: rpm = %{version}-%{release}
-Requires: file
%description security-plugin
This package contains the MSM security plugin for rpm that performs
diff --git a/packaging/security_4.9.1.patch b/packaging/security_4.9.1.patch
index 53c0471..e943951 100644
--- a/packaging/security_4.9.1.patch
+++ b/packaging/security_4.9.1.patch
@@ -121,7 +121,7 @@ diff -Nuarp rpm/configure.ac rpm-security/configure.ac
+
+AS_IF([test "$with_msm" = yes],[
+ AC_DEFINE(WITH_MSM, 1, [Build with msm support?])
-+ WITH_MSM_LIB="`xml2-config --libs` -lcap -lattr -lsmack"
++ WITH_MSM_LIB="`xml2-config --libs` -lcap -lattr -lsmack -lmagic"
+ WITH_MSM_INCLUDE="`xml2-config --cflags`"
+])
+AC_SUBST(WITH_MSM_LIB)
@@ -964,7 +964,7 @@ diff -Nuarp rpm/security/Makefile.msm rpm-security/security/Makefile.msm
diff -Nuarp rpm/security/msm.c rpm-security/security/msm.c
--- rpm/security/msm.c 1970-01-01 02:00:00.000000000 +0200
+++ rpm-security/security/msm.c 2012-08-06 13:32:38.137823835 +0300
-@@ -0,0 +1,903 @@
+@@ -0,0 +1,915 @@
+/*
+ * This file is part of MSM security plugin
+ * Greatly based on the code of MSSF security plugin
@@ -1041,6 +1041,7 @@ diff -Nuarp rpm/security/msm.c rpm-security/security/msm.c
+static fileconflict *allfileconflicts = NULL;
+static char* ownSmackLabel = NULL;
+static int SmackEnabled = 0;
++static magic_t cookie;
+
+rpmRC SECURITYHOOK_INIT_FUNC(rpmts _ts, const char *_opts)
+{
@@ -1095,6 +1096,16 @@ diff -Nuarp rpm/security/msm.c rpm-security/security/msm.c
+ }
+
+ rpmlog(RPMLOG_DEBUG, "rpm security context: %s\n", ownSmackLabel);
++
++ cookie = magic_open(0);
++ if (!cookie)
++ return RPMRC_FAIL;
++
++ if (magic_load(cookie, NULL) != 0) {
++ rpmlog(RPMLOG_ERR, "cannot load magic database - %s\n", magic_error(cookie));
++ magic_close(cookie);
++ return RPMRC_FAIL;
++ }
+
+ return RPMRC_OK;
+}
@@ -1698,7 +1709,7 @@ diff -Nuarp rpm/security/msm.c rpm-security/security/msm.c
+ ctx->path = NULL;
+ ctx->ino = 0;
+ if (rpmteType(ctx->te) == TR_ADDED) {
-+ if (msmSetFileXAttributes(ctx->mfx, file->path) < 0) {
++ if (msmSetFileXAttributes(ctx->mfx, file->path, cookie) < 0) {
+ rpmlog(RPMLOG_ERR, "Setting of extended attributes failed for file %s from package %s\n",
+ file->path, rpmteN(ctx->te));
+ return RPMRC_FAIL;
@@ -1819,6 +1830,7 @@ diff -Nuarp rpm/security/msm.c rpm-security/security/msm.c
+ }
+
+ msmFreePointer((void**)&ownSmackLabel);
++ magic_close(cookie);
+
+ return RPMRC_OK;
+}
@@ -2139,7 +2151,7 @@ diff -Nuarp rpm/security/msmconfig.c rpm-security/security/msmconfig.c
diff -Nuarp rpm/security/msm.h rpm-security/security/msm.h
--- rpm/security/msm.h 1970-01-01 02:00:00.000000000 +0200
+++ rpm-security/security/msm.h 2012-08-06 12:49:34.377011655 +0300
-@@ -0,0 +1,467 @@
+@@ -0,0 +1,469 @@
+/*
+ * This file is part of MSM security plugin
+ * Greatly based on the code of MSSF security plugin
@@ -2199,6 +2211,7 @@ diff -Nuarp rpm/security/msm.h rpm-security/security/msm.h
+#include <uthash.h>
+#include <sys/capability.h>
+#include <sys/smack.h>
++#include <magic.h>
+
+/** \ingroup msm
+ * List definitions.
@@ -2533,9 +2546,10 @@ diff -Nuarp rpm/security/msm.h rpm-security/security/msm.h
+ * Set extended attributes of the file based on manifest.
+ * @param mfx package manifest
+ * @param filepath path of the file
++ * @param cookie magic cookie
+ * @return 0 on success, else -1
+ */
-+int msmSetFileXAttributes(manifest_x *mfx, const char* filepath);
++int msmSetFileXAttributes(manifest_x *mfx, const char* filepath, magic_t cookie);
+
+/** \ingroup msm
+ * Set setup the request section of manifest.
@@ -4173,7 +4187,7 @@ diff -Nuarp rpm/security/msmmatch.c rpm-security/security/msmmatch.c
diff -Nuarp rpm/security/msmxattr.c rpm-security/security/msmxattr.c
--- rpm/security/msmxattr.c 1970-01-01 02:00:00.000000000 +0200
+++ rpm-security/security/msmxattr.c 2012-08-06 13:37:44.891344948 +0300
-@@ -0,0 +1,1331 @@
+@@ -0,0 +1,1316 @@
+/*
+ * This file is part of MSM security plugin
+ * Greatly based on the code of MSSF security plugin
@@ -4215,6 +4229,7 @@ diff -Nuarp rpm/security/msmxattr.c rpm-security/security/msmxattr.c
+#include <grp.h>
+#include <attr/xattr.h>
+#include <uthash.h>
++#include <magic.h>
+
+#include "msm.h"
+
@@ -5292,46 +5307,30 @@ diff -Nuarp rpm/security/msmxattr.c rpm-security/security/msmxattr.c
+ }
+}
+
-+static int is_executable(const char* path)
++static int is_executable(const char* path, magic_t cookie)
+{
-+ char buffer[1024];
-+ int result;
-+ char string[] = "file \"";
-+ char* ptr = NULL, *ptr1 = NULL;
-+ FILE* pipe;
++ const char* buffer = NULL;
++ int result = -1;
++ char* ptr = NULL;
+
-+ if (!path)
-+ return -1;
++ if ((!path) || (!cookie))
++ return result;
+
-+ char* str = calloc(strlen(path) + 8, sizeof (char*));
-+ strncpy(str, string, 6);
-+ strncpy(str + 6, path, strlen(path));
-+ strncpy(str + 6 + strlen(path), "\"", 1);
++ buffer = magic_file(cookie, path);
+
-+ pipe = popen(str, "r");
-+ if (!pipe) {
-+ msmFreePointer((void**)&str);
-+ return -1;
-+ }
-+
-+ result = -1;
++ rpmlog(RPMLOG_DEBUG, "buffer: %s\n", buffer);
+
-+ if(fgets(buffer, 1023, pipe) != NULL) {
-+ ptr = strchr(buffer,':');
-+ if (ptr!= NULL) {
-+ ptr1 = strstr(ptr,"executable");
-+ if (ptr1) result = 0;
-+ ptr1 = strstr(ptr,"ELF");
-+ if (ptr1) result = 0;
-+ }
++ if (buffer != NULL) {
++ ptr = strstr(buffer,"executable");
++ if (ptr) result = 0;
++ ptr = strstr(buffer,"ELF");
++ if (ptr) result = 0;
+ }
+
-+ msmFreePointer((void**)&str);
-+ pclose(pipe);
+ return result;
+}
+
-+int msmSetFileXAttributes(manifest_x *mfx, const char* filepath)
++int msmSetFileXAttributes(manifest_x *mfx, const char* filepath, magic_t cookie)
+{
+ provide_x *provide = NULL;
+ filesystem_x *filesystem = NULL;
@@ -5420,7 +5419,7 @@ diff -Nuarp rpm/security/msmxattr.c rpm-security/security/msmxattr.c
+ label, filepath, strerror(errno));
+ }
+
-+ if ((is_executable(filepath)) == 0) {
++ if ((is_executable(filepath, cookie)) == 0) {
+ if ((exec_label) && (strcmp(exec_label, "none") == 0)) {
+ // do not set SMACK64EXEC
+ rpmlog(RPMLOG_INFO, "not setting SMACK64EXEC for %s as requested in manifest\n", filepath);