Exemple #1
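/*
 * Parse an "<ipc>: <ip>" payload.
 *
 * The first token (delimited by ' ' or ':') is the IP compression value,
 * parsed by strtol() with base 0.  The second token is either "%<label>",
 * which is resolved through yasm_lookup_label(), or a number handed to
 * str_to_uint64().  Any further token is an error.
 *
 * @p is only needed (and only checked) when the IP is given as a label.
 * @payload must be a writable string: strtok() modifies it in place.
 *
 * On entry *ipc is set to pt_ipc_suppressed and *ip to 0; on success they
 * hold the parsed values.
 *
 * Returns 0 on success, a negative error code otherwise.
 */
int parse_ip(struct parser *p, uint64_t *ip, enum pt_ip_compression *ipc,
	     char *payload)
{
	long value;
	int errcode;
	char *endptr;

	if (bug_on(!ip))
		return -err_internal;

	if (bug_on(!ipc))
		return -err_internal;

	*ipc = pt_ipc_suppressed;
	*ip = 0;

	/* NOTE(review): strtok() keeps hidden static state, so this function
	 * is neither reentrant nor thread-safe; strtok_r() would avoid that
	 * if the callers ever need it.
	 */
	payload = strtok(payload, " :");
	if (!payload || *payload == '\0')
		return -err_parse_no_args;

	value = strtol(payload, &endptr, 0);
	*ipc = (enum pt_ip_compression) value;
	if (payload == endptr || *endptr != '\0')
		return -err_parse_ipc;

	/* Reject values that do not survive the narrowing conversion to the
	 * enum.  Without this, an out-of-range number (including the
	 * LONG_MAX/LONG_MIN that strtol() returns on overflow where long is
	 * wider than the enum) would be silently truncated and could alias a
	 * valid compression value before check_ipc() ever sees it.
	 */
	if ((long) *ipc != value)
		return -err_parse_ipc;

	/* is ipc valid?  */
	errcode = check_ipc(*ipc);
	if (errcode < 0)
		return errcode;

	payload = strtok(NULL, " :");
	if (!payload)
		return -err_parse_ip_missing;

	if (*payload == '%') {
		/* can be resolved to a label?  */
		if (!p)
			return -err_internal;

		errcode = yasm_lookup_label(p->y, ip, payload + 1);
	} else {
		/* can be parsed as address?  */
		errcode = str_to_uint64(payload, ip);
	}
	if (errcode < 0)
		return errcode;

	/* no more tokens left.  */
	payload = strtok(NULL, " ");
	if (payload)
		return -err_parse_trailing_tokens;

	return 0;
}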
Exemple #2
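/*
 * Check access.
 *
 * This function checks a single file, or recursively scans a directory,
 * and hands every entry that is neither a symbolic link nor a directory to
 * testall() together with the expected uid and gid.  The special pathname
 * "ipc_obj" runs check_ipc() instead of touching the file system.
 *
 * Symbolic links are reported and skipped, never followed.  Errors are
 * printed to stdout and the affected entry is skipped; nothing is returned
 * to the caller.
 *
 * NOTE(review): the lstat() result and the later use of the same path in
 * testall() are separate steps, so an entry replaced in between would be
 * tested under stale type information - confirm this is acceptable for the
 * trees this is run on.
 */
void
check_access (char *pathname, uid_t uid, gid_t gid)
{
  int count = 0;
  int i = 0;
  int len = 0;
  char entry[MAXPATHLEN];
  struct dirent **entries;
  struct stat statbuf;

  /* Start with clean buffers */
  memset (&statbuf, '\0', sizeof (statbuf));

  /* Test System V Message Queue - IPC */
  if ((strcmp (pathname, "ipc_obj")) == 0)
    {
      printf ("Testing IPC objects\n");
      if (check_ipc (uid, gid) == -1)
        {
          printf ("\nERROR: %s. Could not obtain ipc "
                  "status. errno = %d\n", pathname, errno);
        }
      goto EXIT;
    }

  /* Get file stat info. */
  if (lstat (pathname, &statbuf) == -1)
    {
      printf ("\nERROR: %s. Could not obtain file status. errno = %d\n",
              pathname, errno);
      goto EXIT;
    }

  /* If link, skip it.  Report pathname: entry has not been filled in yet,
   * and printing it would read uninitialized stack memory.
   */
  if (S_ISLNK (statbuf.st_mode))
    {
      printf ("Link: skipping %s\n", pathname);
      goto EXIT;
    }

  /* If not a directory, check it and leave. */
  if (!(S_ISDIR (statbuf.st_mode)))
    {
      testall (&statbuf, pathname, uid, gid);
      goto EXIT;
    }

  /*
   * If directory, recurse through all subdirectories,
   * checking all files.
   *
   * NOTE(review): the array returned by scandir() and its elements are
   * never released, so every directory visited leaks them.  Releasing them
   * needs free() from <stdlib.h>; confirm the header is included before
   * adding the cleanup.
   */
  if ((count = scandir (pathname, &entries, file_select, alphasort)) == -1)
    {
      printf ("\nERROR: %s. Could not scandir. errno = %d\n",
              pathname, errno);
      goto EXIT;
    }
  for (i = 0; i < count; i++)
    {
      /* Build the child path with a bounded write.  A deep or hostile
       * directory tree can produce a path longer than MAXPATHLEN; an
       * unbounded sprintf() would overflow entry on the stack.
       */
      len = snprintf (entry, sizeof (entry), "%s/%s", pathname,
                      entries[i]->d_name);
      if (len < 0 || (size_t) len >= sizeof (entry))
        {
          printf ("\nERROR: %s/%s. Path too long, skipping.\n",
                  pathname, entries[i]->d_name);
          continue;
        }

      /*
       * If link, skip it
       * Else if directory, call check_access() recursively
       */
      if (entries[i]->d_type == DT_LNK)
        {
          printf ("Link: skipping %s\n", entry);
          continue;
        }
      else if (entries[i]->d_type == DT_DIR)
        {
          check_access (entry, uid, gid);
          continue;
        }

      /* Clean the buffer */
      memset (&statbuf, '\0', sizeof (statbuf));

      /* Get file stat info.  Report the entry that failed, not its parent. */
      if (lstat (entry, &statbuf) == -1)
        {
          printf ("\nERROR: %s. Could not obtain file status. errno = %d\n",
                  entry, errno);
          continue;
        }

      /* The directory entry doesn't always seem to have the
       * right info. So we check again after the stat().
       *
       * If link, skip it
       * Else if directory, call check_access() recursively
       * Else check access
       */
      if (S_ISLNK (statbuf.st_mode))
        {
          printf ("Link: (2) skipping %s\n", entry);
        }
      else if (S_ISDIR (statbuf.st_mode))
        {
          check_access (entry, uid, gid);
        }
      else
        {
          testall (&statbuf, entry, uid, gid);
        }
    }
EXIT:
  return;
}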
Exemple #3
/*
 * Run the environment checks.
 *
 * Refuses to run unless is_root_user() succeeds, then sets up root_item
 * for the current process and collects its mount info.  When chk_feature
 * is set, only that check runs.  Otherwise every check below runs in order
 * regardless of earlier failures, and the results are OR-ed together, so
 * only zero versus non-zero is meaningful in the combined value.
 *
 * Returns 0 (after printing "Looks good.") when everything passed, -1 if
 * the setup failed, or the non-zero check result otherwise.
 */
int cr_check(void)
{
	struct ns_id ns = {
		.type = NS_CRIU,
		.ns_pid = PROC_SELF,
		.nd = &mnt_ns_desc
	};
	int status = 0;

	if (!is_root_user())
		return -1;

	root_item = alloc_pstree_item();
	if (!root_item)
		return -1;

	root_item->pid.real = getpid();

	if (collect_pstree_ids() != 0)
		return -1;

	ns.id = root_item->ids->mnt_ns_id;

	mntinfo = collect_mntinfo(&ns, false);
	if (!mntinfo)
		return -1;

	if (chk_feature) {
		/* A single feature was requested: skip the full sweep. */
		status = chk_feature();
	} else {
		/* Full sweep; a failure does not stop the remaining checks. */
		status |= check_map_files();
		status |= check_sock_diag();
		status |= check_ns_last_pid();
		status |= check_sock_peek_off();
		status |= check_kcmp();
		status |= check_prctl();
		status |= check_fcntl();
		status |= check_proc_stat();
		status |= check_tcp();
		status |= check_fdinfo_ext();
		status |= check_unaligned_vmsplice();
		status |= check_tty();
		status |= check_so_gets();
		status |= check_ipc();
		status |= check_sigqueuinfo();
		status |= check_ptrace_peeksiginfo();
		status |= check_ptrace_suspend_seccomp();
		status |= check_ptrace_dump_seccomp_filters();
		status |= check_mem_dirty_track();
		status |= check_posix_timers();
		status |= check_tun_cr(0);
		status |= check_timerfd();
		status |= check_mnt_id();
		status |= check_aio_remap();
		status |= check_fdinfo_lock();
		status |= check_clone_parent_vs_pid();
	}

	if (status == 0)
		print_on_level(DEFAULT_LOGLEVEL, "Looks good.\n");

	return status;
}