On Mon, May 22, 2023 at 10:52:03AM +0200, Stefano Brivio wrote:We'll need this in isolate_initial(). While at it, don't rely on BUFSIZ: the earlier issue we had with musl reminded me it's not a magic "everything will fit" value. Size the read buffer to what we actually need from uid_map, and check for the final newline too, because uid_map is organised in lines. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>Reviewed-by: David Gibson <david(a)gibson.dropbear.id.au>--- conf.c | 16 +--------------- util.c | 25 +++++++++++++++++++++++++ util.h | 2 ++ 3 files changed, 28 insertions(+), 15 deletions(-) diff --git a/conf.c b/conf.c index 447b000..984c3ce 100644 --- a/conf.c +++ b/conf.c @@ -1096,10 +1096,6 @@ static int conf_runas(char *opt, unsigned int *uid, unsigned int *gid) */ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) { - const char root_uid_map[] = " 0 0 4294967295"; - char buf[BUFSIZ]; - int fd; - /* If user has specified --runas, that takes precedence... */ if (runas) { if (conf_runas(runas, uid, gid)) @@ -1116,18 +1112,8 @@ static void conf_ugid(char *runas, uid_t *uid, gid_t *gid) return; /* ...or at least not root in the init namespace... */ - if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { - die("Can't determine if we're in init namespace: %s", - strerror(errno)); - } - - if (read(fd, buf, BUFSIZ) != sizeof(root_uid_map) || - strncmp(buf, root_uid_map, sizeof(root_uid_map) - 1)) { - close(fd); + if (!ns_is_init()) return; - } - - close(fd); /* ...otherwise use nobody:nobody */ warn("Don't run as root. Changing to nobody..."); diff --git a/util.c b/util.c index c3e3471..3c5d51f 100644 --- a/util.c +++ b/util.c @@ -390,6 +390,31 @@ int ns_enter(const struct ctx *c) return 0; } +/** + * ns_is_init() - Is the caller running in the "init" user namespace? + * + * Return: true if caller is in init, false otherwise, won't return on failure + */ +bool ns_is_init(void) +{ + const char root_uid_map[] = " 0 0 4294967295\n"; + char buf[sizeof(root_uid_map)]; + bool ret = true; + int fd; + + if ((fd = open("/proc/self/uid_map", O_RDONLY | O_CLOEXEC)) < 0) { + die("Can't determine if we're in init namespace: %s", + strerror(errno)); + } + + if (read(fd, buf, sizeof(root_uid_map)) != sizeof(root_uid_map) - 1 || + strncmp(buf, root_uid_map, sizeof(root_uid_map)))Personally I'd use memcmp() when the size is known like this, but this strncmp() should do the same thing.+ ret = false; + + close(fd); + return ret; +} + /** * pid_file() - Write PID to file, if requested to do so, and close it * @fd: Open PID file descriptor, closed on exit, -1 to skip writing it diff --git a/util.h b/util.h index ba3e3da..26892aa 100644 --- a/util.h +++ b/util.h @@ -8,6 +8,7 @@ #include <stdlib.h> #include <stdarg.h> +#include <stdbool.h> #include "log.h" @@ -216,6 +217,7 @@ char *line_read(char *buf, size_t len, int fd); void procfs_scan_listen(struct ctx *c, uint8_t proto, int ip_version, int ns, uint8_t *map, uint8_t *exclude); int ns_enter(const struct ctx *c); +bool ns_is_init(void); void write_pidfile(int fd, pid_t pid); int __daemon(int pidfile_fd, int devnull_fd); int fls(unsigned long x);-- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson