| /*** |
| This file is part of systemd. |
| |
| Copyright 2014 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| ***/ |
| |
| #include <dirent.h> |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <limits.h> |
| #include <mqueue.h> |
| #include <stdbool.h> |
| #include <stdio.h> |
| #include <string.h> |
| #include <sys/ipc.h> |
| #include <sys/msg.h> |
| #include <sys/sem.h> |
| #include <sys/shm.h> |
| #include <sys/stat.h> |
| #include <unistd.h> |
| |
| #include "clean-ipc.h" |
| #include "dirent-util.h" |
| #include "fd-util.h" |
| #include "fileio.h" |
| #include "format-util.h" |
| #include "log.h" |
| #include "macro.h" |
| #include "string-util.h" |
| #include "strv.h" |
| #include "user-util.h" |
| |
| static bool match_uid_gid(uid_t subject_uid, gid_t subject_gid, uid_t delete_uid, gid_t delete_gid) { |
| |
| if (uid_is_valid(delete_uid) && subject_uid == delete_uid) |
| return true; |
| |
| if (gid_is_valid(delete_gid) && subject_gid == delete_gid) |
| return true; |
| |
| return false; |
| } |
| |
| static int clean_sysvipc_shm(uid_t delete_uid, gid_t delete_gid) { |
| _cleanup_fclose_ FILE *f = NULL; |
| char line[LINE_MAX]; |
| bool first = true; |
| int ret = 0; |
| |
| f = fopen("/proc/sysvipc/shm", "re"); |
| if (!f) { |
| if (errno == ENOENT) |
| return 0; |
| |
| return log_warning_errno(errno, "Failed to open /proc/sysvipc/shm: %m"); |
| } |
| |
| FOREACH_LINE(line, f, goto fail) { |
| unsigned n_attached; |
| pid_t cpid, lpid; |
| uid_t uid, cuid; |
| gid_t gid, cgid; |
| int shmid; |
| |
| if (first) { |
| first = false; |
| continue; |
| } |
| |
| truncate_nl(line); |
| |
| if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, |
| &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8) |
| continue; |
| |
| if (n_attached > 0) |
| continue; |
| |
| if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
| continue; |
| |
| if (shmctl(shmid, IPC_RMID, NULL) < 0) { |
| |
| /* Ignore entries that are already deleted */ |
| if (errno == EIDRM || errno == EINVAL) |
| continue; |
| |
| ret = log_warning_errno(errno, |
| "Failed to remove SysV shared memory segment %i: %m", |
| shmid); |
| } else |
| log_debug("Removed SysV shared memory segment %i.", shmid); |
| } |
| |
| return ret; |
| |
| fail: |
| return log_warning_errno(errno, "Failed to read /proc/sysvipc/shm: %m"); |
| } |
| |
| static int clean_sysvipc_sem(uid_t delete_uid, gid_t delete_gid) { |
| _cleanup_fclose_ FILE *f = NULL; |
| char line[LINE_MAX]; |
| bool first = true; |
| int ret = 0; |
| |
| f = fopen("/proc/sysvipc/sem", "re"); |
| if (!f) { |
| if (errno == ENOENT) |
| return 0; |
| |
| return log_warning_errno(errno, "Failed to open /proc/sysvipc/sem: %m"); |
| } |
| |
| FOREACH_LINE(line, f, goto fail) { |
| uid_t uid, cuid; |
| gid_t gid, cgid; |
| int semid; |
| |
| if (first) { |
| first = false; |
| continue; |
| } |
| |
| truncate_nl(line); |
| |
| if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, |
| &semid, &uid, &gid, &cuid, &cgid) != 5) |
| continue; |
| |
| if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
| continue; |
| |
| if (semctl(semid, 0, IPC_RMID) < 0) { |
| |
| /* Ignore entries that are already deleted */ |
| if (errno == EIDRM || errno == EINVAL) |
| continue; |
| |
| ret = log_warning_errno(errno, |
| "Failed to remove SysV semaphores object %i: %m", |
| semid); |
| } else |
| log_debug("Removed SysV semaphore %i.", semid); |
| } |
| |
| return ret; |
| |
| fail: |
| return log_warning_errno(errno, "Failed to read /proc/sysvipc/sem: %m"); |
| } |
| |
| static int clean_sysvipc_msg(uid_t delete_uid, gid_t delete_gid) { |
| _cleanup_fclose_ FILE *f = NULL; |
| char line[LINE_MAX]; |
| bool first = true; |
| int ret = 0; |
| |
| f = fopen("/proc/sysvipc/msg", "re"); |
| if (!f) { |
| if (errno == ENOENT) |
| return 0; |
| |
| return log_warning_errno(errno, "Failed to open /proc/sysvipc/msg: %m"); |
| } |
| |
| FOREACH_LINE(line, f, goto fail) { |
| uid_t uid, cuid; |
| gid_t gid, cgid; |
| pid_t cpid, lpid; |
| int msgid; |
| |
| if (first) { |
| first = false; |
| continue; |
| } |
| |
| truncate_nl(line); |
| |
| if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT, |
| &msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7) |
| continue; |
| |
| if (!match_uid_gid(uid, gid, delete_uid, delete_gid)) |
| continue; |
| |
| if (msgctl(msgid, IPC_RMID, NULL) < 0) { |
| |
| /* Ignore entries that are already deleted */ |
| if (errno == EIDRM || errno == EINVAL) |
| continue; |
| |
| ret = log_warning_errno(errno, |
| "Failed to remove SysV message queue %i: %m", |
| msgid); |
| } else |
| log_debug("Removed SysV message queue %i.", msgid); |
| } |
| |
| return ret; |
| |
| fail: |
| return log_warning_errno(errno, "Failed to read /proc/sysvipc/msg: %m"); |
| } |
| |
| static int clean_posix_shm_internal(DIR *dir, uid_t uid, gid_t gid) { |
| struct dirent *de; |
| int ret = 0, r; |
| |
| assert(dir); |
| |
| FOREACH_DIRENT_ALL(de, dir, goto fail) { |
| struct stat st; |
| |
| if (dot_or_dot_dot(de->d_name)) |
| continue; |
| |
| if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { |
| if (errno == ENOENT) |
| continue; |
| |
| ret = log_warning_errno(errno, "Failed to stat() POSIX shared memory segment %s: %m", de->d_name); |
| continue; |
| } |
| |
| if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid)) |
| continue; |
| |
| if (S_ISDIR(st.st_mode)) { |
| _cleanup_closedir_ DIR *kid; |
| |
| kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME); |
| if (!kid) { |
| if (errno != ENOENT) |
| ret = log_warning_errno(errno, "Failed to enter shared memory directory %s: %m", de->d_name); |
| } else { |
| r = clean_posix_shm_internal(kid, uid, gid); |
| if (r < 0) |
| ret = r; |
| } |
| |
| if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) { |
| |
| if (errno == ENOENT) |
| continue; |
| |
| ret = log_warning_errno(errno, "Failed to remove POSIX shared memory directory %s: %m", de->d_name); |
| } else |
| log_debug("Removed POSIX shared memory directory %s", de->d_name); |
| } else { |
| |
| if (unlinkat(dirfd(dir), de->d_name, 0) < 0) { |
| |
| if (errno == ENOENT) |
| continue; |
| |
| ret = log_warning_errno(errno, "Failed to remove POSIX shared memory segment %s: %m", de->d_name); |
| } else |
| log_debug("Removed POSIX shared memory segment %s", de->d_name); |
| } |
| } |
| |
| return ret; |
| |
| fail: |
| return log_warning_errno(errno, "Failed to read /dev/shm: %m"); |
| } |
| |
| static int clean_posix_shm(uid_t uid, gid_t gid) { |
| _cleanup_closedir_ DIR *dir = NULL; |
| |
| dir = opendir("/dev/shm"); |
| if (!dir) { |
| if (errno == ENOENT) |
| return 0; |
| |
| return log_warning_errno(errno, "Failed to open /dev/shm: %m"); |
| } |
| |
| return clean_posix_shm_internal(dir, uid, gid); |
| } |
| |
| static int clean_posix_mq(uid_t uid, gid_t gid) { |
| _cleanup_closedir_ DIR *dir = NULL; |
| struct dirent *de; |
| int ret = 0; |
| |
| dir = opendir("/dev/mqueue"); |
| if (!dir) { |
| if (errno == ENOENT) |
| return 0; |
| |
| return log_warning_errno(errno, "Failed to open /dev/mqueue: %m"); |
| } |
| |
| FOREACH_DIRENT_ALL(de, dir, goto fail) { |
| struct stat st; |
| char fn[1+strlen(de->d_name)+1]; |
| |
| if (dot_or_dot_dot(de->d_name)) |
| continue; |
| |
| if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) { |
| if (errno == ENOENT) |
| continue; |
| |
| ret = log_warning_errno(errno, |
| "Failed to stat() MQ segment %s: %m", |
| de->d_name); |
| continue; |
| } |
| |
| if (!match_uid_gid(st.st_uid, st.st_gid, uid, gid)) |
| continue; |
| |
| fn[0] = '/'; |
| strcpy(fn+1, de->d_name); |
| |
| if (mq_unlink(fn) < 0) { |
| if (errno == ENOENT) |
| continue; |
| |
| ret = log_warning_errno(errno, |
| "Failed to unlink POSIX message queue %s: %m", |
| fn); |
| } else |
| log_debug("Removed POSIX message queue %s", fn); |
| } |
| |
| return ret; |
| |
| fail: |
| return log_warning_errno(errno, "Failed to read /dev/mqueue: %m"); |
| } |
| |
| int clean_ipc(uid_t uid, gid_t gid) { |
| int ret = 0, r; |
| |
| /* Anything to do? */ |
| if (!uid_is_valid(uid) && !gid_is_valid(gid)) |
| return 0; |
| |
| /* Refuse to clean IPC of the root user */ |
| if (uid == 0 && gid == 0) |
| return 0; |
| |
| r = clean_sysvipc_shm(uid, gid); |
| if (r < 0) |
| ret = r; |
| |
| r = clean_sysvipc_sem(uid, gid); |
| if (r < 0) |
| ret = r; |
| |
| r = clean_sysvipc_msg(uid, gid); |
| if (r < 0) |
| ret = r; |
| |
| r = clean_posix_shm(uid, gid); |
| if (r < 0) |
| ret = r; |
| |
| r = clean_posix_mq(uid, gid); |
| if (r < 0) |
| ret = r; |
| |
| return ret; |
| } |
| |
| int clean_ipc_by_uid(uid_t uid) { |
| return clean_ipc(uid, GID_INVALID); |
| } |
| |
| int clean_ipc_by_gid(gid_t gid) { |
| return clean_ipc(UID_INVALID, gid); |
| } |