1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
|
#include "system.h"
#include <rpmlib.h>
#include "misc.h"
static struct {
const char *token;
int nargs;
} cmds[] = {
{ "mkdir", 1 },
#define RPMSYSCALL_MKDIR 0
{ "rmdir", 1 },
#define RPMSYSCALL_RMDIR 1
{ "mv", -2 },
#define RPMSYSCALL_MV 2
{ "symlink", 2 },
#define RPMSYSCALL_SYMLINK 3
{ "S_ISLNK", 1 }
#define RPMSYSCALL_ISLNK 4
};
int ncmds = sizeof(cmds)/sizeof(cmds[0]);
int rpmSyscall(const char * cmd, int noexec)
{
const char ** argv = NULL;
int argc;
struct stat st;
int i, j;
int rc;
rc = (noexec)
? poptParseArgvString(cmd, &argc, &argv)
: rpmGlob(cmd, &argc, &argv);
if (rc)
goto exit;
/* Check: argv[0] must be known. */
for (i = 0; i < ncmds; i++) {
if (!strcmp(cmds[i].token, argv[0]))
break;
}
if (i >= ncmds) {
rc = EPERM;
goto exit;
}
/* Check: must have exactly (or, if negative, at least) nargs. */
if (cmds[i].nargs >= 0 && argc != (cmds[i].nargs+1)) {
rc = EPERM;
goto exit;
} else if (argc < (1-cmds[i].nargs)) {
rc = EPERM;
goto exit;
}
/* Check: all args (except for 1st arg to symlink) must start with '/'. */
for (j = (i == RPMSYSCALL_SYMLINK ? 2 : 1); j < argc; j++) {
if (argv[j][0] != '/') {
rc = EPERM;
goto exit;
}
}
/* Check: parse only with 2 or more args, last arg cannot be glob. */
if (noexec) {
if (argc > 2 && myGlobPatternP(argv[argc-1])) {
rc = 1;
goto exit;
}
rc = 0;
goto exit;
}
/* Execute only checks below */
switch (i) {
case RPMSYSCALL_MKDIR: /* mkdir */
{ mode_t mode = 0755;
rc = mkdir(argv[1], mode);
if (rc < 0) rc = errno;
if (stat(argv[1], &st) < 0) {
if (rc == 0) rc = errno;
goto exit;
}
if (!S_ISDIR(st.st_mode)) {
if (rc == 0) rc = ENOTDIR;
goto exit;
}
rc = 0;
} break;
case RPMSYSCALL_RMDIR: /* rmdir */
rc = rmdir(argv[1]);
if (rc < 0) rc = errno;
break;
case RPMSYSCALL_MV: /* mv */
{ dev_t dev;
const char * fn, * bn;
char * t;
size_t bnlen;
/* Check: if more than 2 args ... */
if (argc > 3) {
/* ... last arg must be existing directory ... */
if (stat(argv[argc-1], &st) < 0) {
if (rc == 0) rc = errno;
goto exit;
}
if (!S_ISDIR(st.st_mode)) {
if (rc == 0) rc = ENOTDIR;
goto exit;
}
/* ... and other args must all be on the same device. */
dev = st.st_dev;
bnlen = 0;
for (j = 1; j < (argc-1); j++) {
if (stat(argv[j], &st) < 0) {
if (rc == 0) rc = errno;
goto exit;
}
if (dev != st.st_dev) {
if (rc == 0) rc = EXDEV;
goto exit;
}
bn = strrchr(argv[j], '/');
if (bn) {
int k = strlen(bn);
if (k > bnlen) bnlen = k;
}
}
/* Everything looks OK, so do the renames. */
fn = t = alloca(strlen(argv[argc-1])+2+bnlen);
t = stpcpy(t, argv[argc-1]);
if (t[-1] != '/') *t++ = '/';
for (j = 1; j < (argc-1); j++) {
bn = strrchr(argv[j], '/');
(void) stpcpy(t, bn+1);
rc = rename(argv[j], fn);
if (rc < 0) {
rc = errno;
goto exit;
}
}
} else { /* Otherwise exactly 2 args. */
rc = rename(argv[1], argv[2]);
if (rc < 0) rc = errno;
}
} break;
case RPMSYSCALL_SYMLINK: /* symlink */
rc = symlink(argv[1], argv[2]);
if (rc < 0) rc = errno;
break;
case RPMSYSCALL_ISLNK: /* stat(2) with S_ISLNK */
if (stat(argv[1], &st) < 0) {
if (rc == 0) rc = errno;
goto exit;
}
if (S_ISLNK(st.st_mode)) {
if (rc == 0) rc = EPERM;
goto exit;
}
rc = 0;
break;
default:
rc = EPERM;
break;
}
exit:
if (argv)
free((void *)argv);
return rc;
}
|