/**
* Spawn external command using system() with dropped privileges.
* TODO: avoid system() and use exec*() instead
*/
static int spawn_command(const char *cmd, uid_t uid){
int child;
int status = -1;
if (verbose > 1)
printf("spawn_command: %s\n", cmd);
child = fork();
if (child == -1) {
perror(_("Unable to fork"));
return status;
}
if (child == 0) {
if (drop_privs(uid) != 0) exit(-1);
status = system(cmd);
status_to_retval(status, status);
exit(status);
}
waitpid(child, &status, 0);
status_to_retval(status, status);
return status;
}
/*
* rend_private_init
*
* Initialize howl and start runloop
*/
int rend_private_init(char *user) {
sw_result result;
DPRINTF(E_DBG,L_REND,"Starting rendezvous services\n");
signal(SIGHUP, SIG_IGN); // SIGHUP might happen from a request to reload the daap server
if(sw_discovery_init(&rend_handle) != SW_OKAY) {
DPRINTF(E_WARN,L_REND,"Error initializing howl\n");
errno=EINVAL;
return -1;
}
if(drop_privs(user))
return -1;
DPRINTF(E_DBG,L_REND,"Starting polling thread\n");
if(pthread_create(&rend_tid,NULL,rend_pipe_monitor,NULL)) {
DPRINTF(E_FATAL,L_REND,"Could not start thread. Terminating\n");
/* should kill parent, too */
exit(EXIT_FAILURE);
}
DPRINTF(E_DBG,L_REND,"Entering runloop\n");
sw_discovery_run(rend_handle);
DPRINTF(E_DBG,L_REND,"Exiting runloop\n");
return 0;
}
int main(int argc, char* argv[]) {
int rc;
/* drop privileges */
if (drop_privs() < 0) return EXIT_FAILURE;
/* parse arguments */
parse_args(argc, argv);
/* initialize secure storage directory */
rc = storage_init(ss_data_root);
if (rc < 0) return EXIT_FAILURE;
/* open rpmb device */
rc = rpmb_open(rpmb_devname, dev_type);
if (rc < 0) return EXIT_FAILURE;
/* connect to Trusty secure storage server */
rc = ipc_connect(trusty_devname, ss_srv_name);
if (rc < 0) return EXIT_FAILURE;
/* enter main loop */
rc = proxy_loop();
ALOGE("exiting proxy loop with status (%d)\n", rc);
ipc_disconnect();
rpmb_close();
return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
}
static int do_mount(const char *dev, const char *mnt, const char *type,
mode_t rootmode, int fd, int fuseflags)
{
int res;
struct fuse_mount_data data;
int flags = MS_NOSUID | MS_NODEV;
if(getuid() != 0) {
res = drop_privs();
if(res == -1)
return -1;
flags |= MS_PERMISSION;
}
data.version = FUSE_KERNEL_VERSION;
data.fd = fd;
data.rootmode = rootmode;
data.uid = getuid();
data.flags = fuseflags;
res = mount(dev, mnt, type, flags, &data);
if(res == -1)
fprintf(stderr, "%s: mount failed: %s\n", progname, strerror(errno));
if(getuid() != 0)
restore_privs();
return res;
}
static int try_open(const char *dev, char **devp)
{
int fd;
if (restore_privs())
return -1;
fd = open(dev, O_RDWR);
if (drop_privs())
return -1;
if (fd != -1) {
*devp = strdup(dev);
if (*devp == NULL) {
fprintf(stderr, "%s: failed to allocate memory\n", progname);
close(fd);
fd = -1;
}
} else if (errno == ENODEV ||
errno == ENOENT) /* check for ENOENT too, for the udev case */
return -2;
else {
fprintf(stderr, "%s: failed to open %s: %s\n", progname, dev,
strerror(errno));
}
return fd;
}
int main(void)
{
_buttonusr_isr = (void *)&buttonisr_usr;
_timerusr_isr = (void *)&timerisr_usr;
_mmhusr_isr = (void *)&mmhisr;
/* Drop privileges */
drop_privs();
/* Init board */
kk_board_init();
/* Program the model into OTP, if we're not in screen-test mode, and it's
* not already there
*/
(void)flash_programModel();
/* Init for safeguard against stack overflow (-fstack-protector-all) */
__stack_chk_guard = (uintptr_t)random32();
/* Bootloader Verification */
check_bootloader();
led_func(SET_RED_LED);
dbg_print("Application Version %d.%d.%d\n\r", MAJOR_VERSION, MINOR_VERSION,
PATCH_VERSION);
/* Init storage */
storage_init();
/* Init protcol buffer message map and usb msg callback */
fsm_init();
led_func(SET_GREEN_LED);
usbInit();
u2fInit();
led_func(CLR_RED_LED);
reset_idle_time();
if (is_mfg_mode())
layout_screen_test();
else if (!storage_isInitialized())
layout_standard_notification("Welcome", "keepkey.com/get-started",
NOTIFICATION_LOGO);
else
layoutHomeForced();
while (1) {
delay_ms_with_callback(ONE_SEC, &exec, 1);
increment_idle_time(ONE_SEC);
toggle_screensaver();
}
return 0;
}
int main(int argc, char **argv)
{
int ret;
ASSERT0(putenv("TZ=UTC"));
cmn_err(CE_INFO, "blahgd version %s", version_string);
/* drop unneeded privs */
ret = drop_privs();
if (ret)
goto err;
jeffpc_init(&init_ops);
init_math(true);
init_pipe_subsys();
init_req_subsys();
init_post_subsys();
init_file_cache();
ret = config_load((argc >= 2) ? argv[1] : NULL);
if (ret)
goto err;
ret = load_all_posts();
if (ret)
goto err;
handle_signals();
ret = start_helpers();
if (ret)
goto err_helpers;
ret = start_listening();
if (ret)
goto err_helpers;
accept_conns();
stop_listening();
stop_helpers();
free_all_posts();
uncache_all_files();
return 0;
err_helpers:
stop_helpers();
err:
DBG("Failed to inintialize: %s", xstrerror(ret));
return ret;
}
void tree(void) {
drop_privs(1);
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = "firemon --tree";
arg[3] = NULL;
execvp("/bin/bash", arg);
}
void netstats(void) {
drop_privs(1);
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = "firemon --netstats";
arg[3] = NULL;
execvp("/bin/bash", arg);
}
void tree(void) {
EUID_ASSERT();
drop_privs(1);
char *cmd = get_firemon_path("--tree");
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = cmd;
arg[3] = NULL;
execvp("/bin/bash", arg);
}
void seccomp_print_filter(pid_t pid) {
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
struct stat s;
char *dir;
if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
errExit("asprintf");
if (stat(dir, &s) < 0)
errExit("stat");
if (s.st_uid != uid) {
printf("Error: permission denied.\n");
exit(1);
}
}
// find the seccomp filter
char *fname;
if (asprintf(&fname, "/proc/%d/root/tmp/firejail/mnt/seccomp", pid) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == -1) {
printf("Cannot access seccomp filter.\n");
exit(1);
}
// read and print the filter
read_seccomp_file(fname);
drop_privs(1);
filter_debug();
exit(0);
}
static void set_privileges(void) {
struct stat s;
if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
EUID_ROOT();
// elevate privileges
if (setreuid(0, 0))
errExit("setreuid");
if (setregid(0, 0))
errExit("setregid");
}
else
drop_privs(1);
}
void seccomp_print_filter(pid_t pid) {
EUID_ASSERT();
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
uid_t sandbox_uid = pid_get_uid(pid);
if (uid != sandbox_uid) {
fprintf(stderr, "Error: permission denied.\n");
exit(1);
}
}
// find the seccomp filter
EUID_ROOT();
char *fname;
if (asprintf(&fname, "/proc/%d/root%s", pid, RUN_SECCOMP_CFG) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == -1) {
printf("Cannot access seccomp filter.\n");
exit(1);
}
// read and print the filter
read_seccomp_file(fname);
drop_privs(1);
filter_debug();
free(fname);
exit(0);
}
int main (int argc, char *argv[])
{
int pid,index,usable;
char *pgname;
pgname = argv[0];
if (argc < 2)
{
printf("%s: nothing to do\n",pgname);
exit(0);
}
/* printf("Real UID\tReal GID\tEff UID\tEff GID\n"); */
init_privs();
set_privs();
while (argc > 1)
{
usable = 1;
for (index=0; index < strlen(argv[1]); index++)
{
if (!isdigit(argv[1][index]))
{
usable = 0;
break;
}
}
if (usable)
{
pid = atoi(argv[1]);
/* printf("pid is %d\n",pid); */
kill(pid,SIGUSR1);
}
else
printf("%s: invalid argument %s\n",pgname,argv[1]);
argc--;
argv++;
}
drop_privs();
exit(0);
}
int main(int argc, char* argv[]) {
int sockfd = init_socket();
logf("Server listening on port %d\n", PORT);
if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) {
perror("Error setting SIGCHILD handler.");
return EXIT_FAILURE;
}
load_module();
while (1) {
socklen_t client_len = sizeof(client);
int client_fd = accept(sockfd, (struct sockaddr*) &client, &client_len);
if (client_fd < 0) {
perror("Error creating socket for incoming connection");
exit(EXIT_FAILURE);
}
logf("New connection from %s on port %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port));
int pid = fork();
if (pid < 0) {
perror("Unable to fork");
exit(EXIT_FAILURE);
}
if (pid == 0) { // client
alarm(300);
close(sockfd);
dup2(client_fd, 0);
dup2(client_fd, 1);
setvbuf(stdout, NULL, _IONBF, 0);
drop_privs();
interact();
close(client_fd);
logf("%s:%d disconnected\n", inet_ntoa(client.sin_addr), htons(client.sin_port));
exit(EXIT_SUCCESS);
} else { // server
logf("%s:%d forked new process with pid %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port), pid);
close(client_fd);
}
}
}
void drop_privs(const char *username) {
if (username == nullptr) {
throw ReferenceError();
}
struct passwd *pw = ::getpwnam(username);
if (pw == nullptr) {
char buf[256];
std::snprintf(buf, sizeof(buf),
"failed to drop privileges: no such user '%s'", username);
panic(buf);
}
drop_privs(pw->pw_uid, pw->pw_gid);
}
void tcpcryptd(void)
{
_state.s_divert = divert_open(_conf.cf_port, packet_handler);
open_unix();
drop_privs();
printf("Running\n");
if (!_conf.cf_disable && !_conf.cf_disable_network_test)
test_network();
while (1)
do_cycle();
}
void seccomp_print_filter(pid_t pid) {
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
uid_t sandbox_uid = pid_get_uid(pid);
if (uid != sandbox_uid) {
exechelp_logerrv("firejail", FIREJAIL_ERROR, "Error: permission denied to print seccomp filters (sandbox belongs to a different user).\n");
exit(1);
}
}
// find the seccomp filter
char *fname;
if (asprintf(&fname, "/proc/%d/root/tmp/firejail/mnt/seccomp", pid) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == -1) {
exechelp_logerrv("firejail", FIREJAIL_ERROR, "Error: Cannot access seccomp filter.\n");
exit(1);
}
// read and print the filter
read_seccomp_file(fname);
drop_privs(1);
filter_debug();
exit(0);
}
/*
* Drop privileges to the specified user account
*/
int drop_privs_user(const char *user_name) {
struct passwd *pw = getpwnam(user_name);
if (pw == NULL) {
#ifdef DEBUG
err(-1, ERROR_NO_USER, user_name);
#else
exit(-1);
#endif
}
if (drop_privs(pw) == -1) {
#ifdef DEBUG
err(-1, ERROR_NO_PRIVS);
#else
exit(-1);
#endif
}
return 0;
}
static int try_open_fuse_device(char **devp)
{
int fd;
int err;
drop_privs();
fd = try_open(FUSE_DEV_NEW, devp, 0);
restore_privs();
if (fd >= 0)
return fd;
err = fd;
fd = try_open(FUSE_DEV_OLD, devp, 1);
if (fd >= 0)
return fd;
return err;
}
void caps_print_filter(pid_t pid) {
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
struct stat s;
char *dir;
if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
errExit("asprintf");
if (stat(dir, &s) < 0)
errExit("stat");
if (s.st_uid != uid) {
printf("Error: permission denied.\n");
exit(1);
}
}
uint64_t caps = extract_caps(pid);
drop_privs(1);
int i;
uint64_t mask;
int elems = sizeof(capslist) / sizeof(capslist[0]);
for (i = 0, mask = 1; i < elems; i++, mask <<= 1) {
printf("%-18.18s - %s\n", capslist[i].name, (mask & caps)? "enabled": "disabled");
}
exit(0);
}
static void run_sdcardfs(const std::string& source_path, const std::string& label, uid_t uid,
gid_t gid, userid_t userid, bool multi_user, bool full_write,
bool derive_gid) {
std::string dest_path_default = "/mnt/runtime/default/" + label;
std::string dest_path_read = "/mnt/runtime/read/" + label;
std::string dest_path_write = "/mnt/runtime/write/" + label;
umask(0);
if (multi_user) {
// Multi-user storage is fully isolated per user, so "other"
// permissions are completely masked off.
if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
AID_SDCARD_RW, 0006, derive_gid) ||
!sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY, 0027) ||
!sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
full_write ? 0007 : 0027)) {
LOG(FATAL) << "failed to sdcardfs_setup";
}
} else {
// Physical storage is readable by all users on device, but
// the Android directories are masked off to a single user
// deep inside attr_from_stat().
if (!sdcardfs_setup(source_path, dest_path_default, uid, gid, multi_user, userid,
AID_SDCARD_RW, 0006, derive_gid) ||
!sdcardfs_setup_bind_remount(dest_path_default, dest_path_read, AID_EVERYBODY,
full_write ? 0027 : 0022) ||
!sdcardfs_setup_bind_remount(dest_path_default, dest_path_write, AID_EVERYBODY,
full_write ? 0007 : 0022)) {
LOG(FATAL) << "failed to sdcardfs_setup";
}
}
// Will abort if priv-dropping fails.
drop_privs(uid, gid);
if (multi_user) {
std::string obb_path = source_path + "/obb";
fs_prepare_dir(obb_path.c_str(), 0775, uid, gid);
}
exit(0);
}
// return -1 if error, 0 if no error
void copy_file_as_user(const char *srcname, const char *destname, uid_t uid, gid_t gid, mode_t mode) {
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
// copy, set permissions and ownership
int rv = copy_file(srcname, destname, uid, gid, mode); // already a regular user
if (rv)
fprintf(stderr, "Warning: cannot transfer .Xauthority in private home directory\n");
#ifdef HAVE_GCOV
__gcov_flush();
#endif
_exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
}
/* Initialize the secure memory subsystem, drop privileges and return.
Must be called early. */
void
pinentry_init (const char *pgmname)
{
/* Store away our name. */
if (strlen (pgmname) > sizeof this_pgmname - 2)
abort ();
strcpy (this_pgmname, pgmname);
/* Initialize secure memory. 1 is too small, so the default size
will be used. */
secmem_init (1);
secmem_set_flags (SECMEM_WARN);
drop_privs ();
if (atexit (secmem_term))
/* FIXME: Could not register at-exit function, bail out. */
;
assuan_set_malloc_hooks (secmem_malloc, secmem_realloc, secmem_free);
}
void caps_print_filter(pid_t pid) {
EUID_ASSERT();
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
uid_t sandbox_uid = pid_get_uid(pid);
if (uid != sandbox_uid) {
fprintf(stderr, "Error: permission denied.\n");
exit(1);
}
}
uint64_t caps = extract_caps(pid);
drop_privs(1);
int i;
uint64_t mask;
int elems = sizeof(capslist) / sizeof(capslist[0]);
for (i = 0, mask = 1; i < elems; i++, mask <<= 1) {
printf("%-18.18s - %s\n", capslist[i].name, (mask & caps)? "enabled": "disabled");
}
exit(0);
}
void fs_mkfile(const char *name) {
EUID_ASSERT();
// check file name
invalid_filename(name);
char *expanded = expand_home(name, cfg.homedir);
if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0) {
fprintf(stderr, "Error: only files in user home are supported by mkfile\n");
exit(1);
}
struct stat s;
if (stat(expanded, &s) == 0) {
// file exists, do nothing
goto doexit;
}
// create file
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
FILE *fp = fopen(expanded, "w");
if (!fp)
fprintf(stderr, "Warning: cannot create %s file\n", expanded);
else {
fclose(fp);
int rv = chmod(expanded, 0600);
(void) rv;
}
exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
doexit:
free(expanded);
}
// return -1 if error, 0 if no error
void touch_file_as_user(const char *fname, uid_t uid, gid_t gid, mode_t mode) {
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
FILE *fp = fopen(fname, "w");
if (fp) {
fprintf(fp, "\n");
SET_PERMS_STREAM(fp, uid, gid, mode);
fclose(fp);
}
#ifdef HAVE_GCOV
__gcov_flush();
#endif
_exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
}
void net_dns_print(pid_t pid) {
// drop privileges
drop_privs(1);
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
char *fname;
if (asprintf(&fname, "/proc/%d/root/etc/resolv.conf", pid) == -1)
errExit("asprintf");
// access /etc/resolv.conf
FILE *fp = fopen(fname, "r");
if (!fp) {
fprintf(stderr, "Error: cannot access /etc/resolv.conf\n");
exit(1);
}
char buf[MAXBUF];
while (fgets(buf, MAXBUF, fp))
printf("%s", buf);
printf("\n");
fclose(fp);
free(fname);
exit(0);
}
void fs_mkdir(const char *name) {
EUID_ASSERT();
// check directory name
invalid_filename(name, 0); // no globbing
char *expanded = expand_macros(name);
if (strncmp(expanded, cfg.homedir, strlen(cfg.homedir)) != 0 &&
strncmp(expanded, "/tmp", 4) != 0) {
fprintf(stderr, "Error: only directories in user home or /tmp are supported by mkdir\n");
exit(1);
}
struct stat s;
if (stat(expanded, &s) == 0) {
// file exists, do nothing
goto doexit;
}
// create directory
pid_t child = fork();
if (child < 0)
errExit("fork");
if (child == 0) {
// drop privileges
drop_privs(0);
// create directory
mkdir_recursive(expanded);
#ifdef HAVE_GCOV
__gcov_flush();
#endif
_exit(0);
}
// wait for the child to finish
waitpid(child, NULL, 0);
doexit:
free(expanded);
}
int ff(int sockFd) {
struct stat statbuf;
FILE *keyFile;
char * keybuf;
char fileStr[4];
char sockStr[4];
keyFile = fopen("key", "r");
if(keyFile == NULL) {
send_string(sockFd, "Could not open key.");
return -1;
}
drop_privs("maw");
pid_t child;
child = fork();
if(child == 0) {
sprintf(fileStr, "%d", fileno(keyFile));
sprintf(sockStr, "%d", sockFd);
execl("/home/services/sis", "sis", fileStr, sockStr, NULL);
}
fclose(keyFile);
}
