Overview
| Comment: | Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
e9fcc6d8f52f28a19bad96be870994ef |
| User & Date: | rkeene on 2015-03-19 16:09:20 |
| Other Links: | manifest | tags |
Context
|
2015-03-20
| ||
| 01:46 | Updated to lowercase permissions read from the database, for security check-in: 0ab26b4975 user: rkeene tags: trunk | |
|
2015-03-19
| ||
| 16:09 | Allow administrators to provide additional/replaced permissions for files, fixed suidRoot setting check-in: e9fcc6d8f5 user: rkeene tags: trunk | |
| 15:43 | Updated to indicate local files are not world-accessible (good idea ?) check-in: 9be4aa6a4a user: rkeene tags: trunk | |
Changes
Modified appfsd.c from [3e9adabf49] to [fe7e6328bd].
| ︙ | ︙ | |||
139 140 141 142 143 144 145 |
unsigned long long inode;
union {
struct {
int childcount;
} dir;
struct {
int executable;
| | | 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 |
unsigned long long inode;
union {
struct {
int childcount;
} dir;
struct {
int executable;
int suidRoot;
int worldaccessible;
off_t size;
} file;
struct {
off_t size;
char source[256];
} symlink;
|
| ︙ | ︙ | |||
932 933 934 935 936 937 938 | } break; case 'f': /* file */ pathinfo->type = APPFS_PATHTYPE_FILE; pathinfo->typeinfo.file.size = 0; pathinfo->typeinfo.file.executable = 0; | | | | 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 |
}
break;
case 'f': /* file */
pathinfo->type = APPFS_PATHTYPE_FILE;
pathinfo->typeinfo.file.size = 0;
pathinfo->typeinfo.file.executable = 0;
pathinfo->typeinfo.file.suidRoot = 0;
pathinfo->typeinfo.file.worldaccessible = 0;
Tcl_DictObjGet(interp, attrs_dict, attr_key_size, &attr_value);
if (attr_value != NULL) {
tcl_ret = Tcl_GetWideIntFromObj(NULL, attr_value, &attr_value_wide);
if (tcl_ret == TCL_OK) {
pathinfo->typeinfo.file.size = attr_value_wide;
}
}
Tcl_DictObjGet(interp, attrs_dict, attr_key_perms, &attr_value);
if (attr_value != NULL) {
attr_value_str = Tcl_GetString(attr_value);
for (attr_value_str_i = &attr_value_str[0]; *attr_value_str_i != '\0'; attr_value_str_i++) {
switch (*attr_value_str_i) {
case 'x':
pathinfo->typeinfo.file.executable = 1;
break;
case 'U':
pathinfo->typeinfo.file.suidRoot = 1;
break;
case '-':
pathinfo->typeinfo.file.worldaccessible = 1;
break;
}
|
| ︙ | ︙ | |||
1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 |
memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);
return(0);
}
static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
struct appfs_pathinfo pathinfo;
int retval;
retval = 0;
APPFS_DEBUG("Enter (path = %s, ...)", path);
#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)
| > | 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 |
memcpy(buf, pathinfo.typeinfo.symlink.source, strlen(pathinfo.typeinfo.symlink.source) + 1);
return(0);
}
static int appfs_fuse_getattr(const char *path, struct stat *stbuf) {
struct appfs_pathinfo pathinfo;
int changeOwnerToUserIfPackaged;
int retval;
retval = 0;
APPFS_DEBUG("Enter (path = %s, ...)", path);
#if (defined(DEBUG) && defined(APPFS_EXIT_PATH)) || defined(APPFS_EXIT_PATH_ENABLE_MAJOR_SECURITY_HOLE)
|
| ︙ | ︙ | |||
1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 |
stbuf->st_mtime = pathinfo.time;
stbuf->st_ctime = pathinfo.time;
stbuf->st_atime = pathinfo.time;
stbuf->st_ino = pathinfo.inode;
stbuf->st_mode = 0;
switch (pathinfo.type) {
case APPFS_PATHTYPE_DIRECTORY:
stbuf->st_mode = S_IFDIR | 0555;
stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
break;
case APPFS_PATHTYPE_FILE:
| > > < | | > | | > > | | 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 |
stbuf->st_mtime = pathinfo.time;
stbuf->st_ctime = pathinfo.time;
stbuf->st_atime = pathinfo.time;
stbuf->st_ino = pathinfo.inode;
stbuf->st_mode = 0;
changeOwnerToUserIfPackaged = 1;
switch (pathinfo.type) {
case APPFS_PATHTYPE_DIRECTORY:
stbuf->st_mode = S_IFDIR | 0555;
stbuf->st_nlink = 2 + pathinfo.typeinfo.dir.childcount;
break;
case APPFS_PATHTYPE_FILE:
stbuf->st_mode = S_IFREG | 0444;
if (pathinfo.typeinfo.file.executable) {
stbuf->st_mode |= 0111;
}
if (pathinfo.typeinfo.file.suidRoot) {
changeOwnerToUserIfPackaged = 0;
stbuf->st_mode |= 04000;
}
if (pathinfo.typeinfo.file.worldaccessible) {
stbuf->st_mode &= ~077;
}
stbuf->st_nlink = 1;
|
| ︙ | ︙ | |||
1235 1236 1237 1238 1239 1240 1241 | break; case APPFS_PATHTYPE_INVALID: retval = -EIO; break; } | | | 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 |
break;
case APPFS_PATHTYPE_INVALID:
retval = -EIO;
break;
}
if (pathinfo.packaged && changeOwnerToUserIfPackaged) {
stbuf->st_uid = appfs_get_fsuid();
stbuf->st_gid = appfs_get_fsgid();
stbuf->st_mode |= 0200;
}
return(retval);
}
|
| ︙ | ︙ | |||
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 |
** Add FUSE arguments which we always supply
**/
fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");
if (getuid() == 0) {
fuse_opt_parse(args, NULL, NULL, NULL);
fuse_opt_add_arg(args, "-oallow_other");
}
while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
switch (ch) {
case 'v':
/* Ignored */
break;
| > > > > > > > | 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026 2027 2028 2029 2030 2031 |
** Add FUSE arguments which we always supply
**/
fuse_opt_add_arg(args, "-odefault_permissions,fsname=appfs,subtype=appfsd,use_ino,kernel_cache,entry_timeout=0,attr_timeout=0,big_writes,intr,hard_remove");
if (getuid() == 0) {
fuse_opt_parse(args, NULL, NULL, NULL);
fuse_opt_add_arg(args, "-oallow_other");
/*
* This should generally be avoided, but if there are security
* concerns suid can be disabled completely on the commandline
*/
fuse_opt_parse(args, NULL, NULL, NULL);
fuse_opt_add_arg(args, "-osuid");
}
while ((ch = getopt(argc, argv, "dfshvo:")) != -1) {
switch (ch) {
case 'v':
/* Ignored */
break;
|
| ︙ | ︙ |
Modified appfsd.tcl from [c5b01df3b2] to [ca14ca67ab].
| ︙ | ︙ | |||
36 37 38 39 40 41 42 43 44 45 46 47 48 49 |
return "http://$hostname/appfs/$method/$hash"
}
# User-replaceable function get the home directory of the current user
proc get_homedir {} {
return [::appfsd::get_homedir]
}
}
namespace eval ::appfs {
variable cachedir "/tmp/appfs-cache"
variable ttl 3600
variable nttl 60
variable trusted_cas [list]
| > > > > > > > > > | 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 |
return "http://$hostname/appfs/$method/$hash"
}
# User-replaceable function get the home directory of the current user
proc get_homedir {} {
return [::appfsd::get_homedir]
}
# User-replacable function to update permissions
proc change_perms {file perms} {
if {[info exists ::appfs::user::add_perms($file)]} {
append perms $::appfs::user::add_perms($file)
}
return $perms
}
}
namespace eval ::appfs {
variable cachedir "/tmp/appfs-cache"
variable ttl 3600
variable nttl 60
variable trusted_cas [list]
|
| ︙ | ︙ | |||
751 752 753 754 755 756 757 758 759 760 761 762 763 764 |
"directory" {
set retval(type) "directory"
set retval(childcount) [llength [getchildren $path]]
}
"file" {
set retval(type) "file"
set retval(size) $localpathinfo(size)
_as_user {
if {[file executable $localpath]} {
set retval(perms) "x-"
} else {
set retval(perms) "-"
}
}
| > > > > | 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 |
"directory" {
set retval(type) "directory"
set retval(childcount) [llength [getchildren $path]]
}
"file" {
set retval(type) "file"
set retval(size) $localpathinfo(size)
# Once the user writes to a file, all its other
# attributes (such as suid) are lost
_as_user {
if {[file executable $localpath]} {
set retval(perms) "x-"
} else {
set retval(perms) "-"
}
}
|
| ︙ | ︙ | |||
789 790 791 792 793 794 795 796 797 798 799 800 801 802 |
set file [lindex $work end]
if {$directory == "" && $file == ""} {
array set retval [list type directory]
}
::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}
if {[info exists retval(type)] && $retval(type) == "directory"} {
set retval(childcount) [llength [getchildren $path]]
}
unset -nocomplain retval(*)
}
| > > > > > | 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 |
set file [lindex $work end]
if {$directory == "" && $file == ""} {
array set retval [list type directory]
}
::appfs::db eval {SELECT type, time, source, size, perms FROM files WHERE package_sha1 = $pathinfo(package_sha1) AND file_directory = $directory AND file_name = $file;} retval {}
# Allow an administrator to supply additional permissions to remote files
if {[info exists retval(perms)]} {
set retval(perms) [::appfs::user::change_perms $path $retval(perms)]
}
if {[info exists retval(type)] && $retval(type) == "directory"} {
set retval(childcount) [llength [getchildren $path]]
}
unset -nocomplain retval(*)
}
|
| ︙ | ︙ |