[nspluginwrapper/f16] Updated dlopen patch
Martin Stransky
stransky at fedoraproject.org
Thu Dec 13 14:03:49 UTC 2012
commit 3783129d3e7fa8fb239f934d7b60ba3ce70df56f
Author: Martin Stransky <stransky at redhat.com>
Date: Thu Dec 13 15:03:33 2012 +0100
Updated dlopen patch
plugin-config-dlopen.patch | 155 ++++++++++++++++++++++++++++++++++---------
1 files changed, 122 insertions(+), 33 deletions(-)
---
diff --git a/plugin-config-dlopen.patch b/plugin-config-dlopen.patch
index dd181df..509465b 100644
--- a/plugin-config-dlopen.patch
+++ b/plugin-config-dlopen.patch
@@ -1,7 +1,108 @@
+diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c
+--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen 2012-12-13 14:59:38.017080096 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c 2012-12-13 14:59:38.021080096 +0100
+@@ -260,36 +260,29 @@ int is_setuid(void)
+ /*
+ * Drop root UID
+ */
+-int drop_setuid(void)
++int drop_root(void)
+ {
+- if(is_setuid()) {
+- if(setgid(getgid()) < 0)
+- return(FALSE);
+- if(setuid(getuid()) < 0)
+- return(FALSE);
+- }
+- return(TRUE);
+-}
++ static uid_t user_uid = -1;
++ static gid_t user_gid = -1;
++ const char* username = "nobody";
+
+-/*
+- * Drop root UID, leave it only for filesystem
+- */
+-int drop_root(void)
+-{
+- if(is_setuid()) {
+- return(drop_setuid());
++ // get user uid and gid
++ if (user_uid == -1 || user_gid == -1) {
++ if (!get_user_uid_gid(username, &user_uid, &user_gid))
++ return FALSE;
++ }
++
++ //identify as nspluginwrapper user
++ if(setgid(user_gid) == -1) {
++ return FALSE;
++ }
++ if(setuid(user_uid) == -1) {
++ return FALSE;
+ }
+
+- return(TRUE);
++ return TRUE;
+ }
+
+-enum
+-{
+- EXIT_VIEWER_NOT_FOUND = -2,
+- EXIT_VIEWER_ERROR = -1,
+- EXIT_VIEWER_OK = 0,
+-};
+-
+ char * get_prefix(char *p_prefix, int max_len, int s_bits, int t_bits)
+ {
+ snprintf(p_prefix,max_len,"nswrapper_%d_%d",s_bits,t_bits);
+@@ -321,7 +314,7 @@ int check_plugin_viewer(const char *plug
+ return(FALSE);
+ }
+ else if (pid == 0) {
+- if(!drop_setuid())
++ if(!drop_root())
+ exit(EXIT_VIEWER_ERROR);
+
+ if(access(p_viewer, X_OK) != 0) {
+diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h
+--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h.dlopen 2007-10-31 10:46:34.000000000 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h 2012-12-13 15:01:29.032082629 +0100
+@@ -36,6 +36,13 @@ typedef struct _WRAP_PLUGIN {
+
+ } WRAP_PLUGIN;
+
++enum
++{
++ EXIT_VIEWER_NOT_FOUND = -2,
++ EXIT_VIEWER_ERROR = -1,
++ EXIT_VIEWER_OK = 0,
++};
++
+ #define NPW_WRAPPER_PLUGIN "npwrapper.so" // Don't process this plugin
+
+ void warning(const char *format,...);
+@@ -43,6 +50,6 @@ void error(const char *format,...);
+ void info(const char *format, ...);
+
+ int is_setuid(void);
+-int drop_setuid(void);
++int drop_root(void);
+
+ #endif // __PLUGIN_CONFIG_H__
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c
--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen 2007-11-06 12:48:18.000000000 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c 2012-12-13 09:23:53.435285639 +0100
-@@ -815,39 +815,122 @@ int is_wrapper_plugin_fd (int fd)
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c 2012-12-13 15:02:10.082083566 +0100
+@@ -49,6 +49,9 @@
+ #include <asm/types.h>
+
+ #include "plugin-detection.h"
++#include "plugin-path.h"
++#include "plugin-dir.h"
++#include "plugin-config.h"
+
+
+ /* ELF decoder derived from QEMU code */
+@@ -815,39 +818,110 @@ int is_wrapper_plugin_fd (int fd)
return FALSE;
}
@@ -28,9 +129,6 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+
+int get_wrapper_plugin_info(const char *plugin_path, NPW_PLUGININFO *out_plugin_info)
+{
-+ static uid_t user_uid = -1;
-+ static gid_t user_gid = -1;
-+ const char* username = "nobody";
+ int fd[2];
+
+ // initialize pipe
@@ -39,12 +137,6 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
- NPW_PLUGININFO *pi;
- if ((pi = (NPW_PLUGININFO *)dlsym(handle, "NPW_Plugin")) == NULL)
+
-+ // get user uid and gid
-+ if (user_uid == -1 || user_gid == -1) {
-+ if (!get_user_uid_gid(username, &user_uid, &user_gid))
-+ return FALSE;
-+ }
-+
+ int pid = fork();
+ if (pid < 0) {
return FALSE;
@@ -61,19 +153,11 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
- out_plugin_info->target_os[NPW_PLUGININFO_TARGET_LENGTH-1] = '\0';
+ }
+ else if (pid == 0) {
-+ //identify as nspluginwrapper user
-+ if(setgid(user_gid) == -1) {
-+ exit(FALSE);
-+ }
-+ if(setuid(user_uid) == -1) {
-+ exit(FALSE);
- }
-- }
-- dlclose(handle);
-- return TRUE;
-+
+ //close read
+ close(fd[0]);
++
++ if(!drop_root())
++ exit(EXIT_VIEWER_ERROR);
+
+ void *handle = dlopen(plugin_path, RTLD_LAZY);
+
@@ -81,19 +165,24 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+ NPW_PLUGININFO *pi;
+
+ if ((pi = (NPW_PLUGININFO *)dlsym(handle, "NPW_Plugin")) == NULL) {
-+ if (write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO)) == -1)
-+ exit(FALSE);
-+ exit(FALSE);
-+ }
++ // Send expected data to parent but invalidate them with error
++ // return code
++ write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO));
++ exit(EXIT_VIEWER_ERROR);
+ }
+- }
+- dlclose(handle);
+- return TRUE;
+ else {
+ //check if necessary symbols are presented
+ if ((dlsym(handle, "NP_Initialize") == NULL) ||
+ (dlsym(handle, "NP_Shutdown") == NULL) ||
+ (dlsym(handle, "NP_GetMIMEDescription") == NULL)) {
+
-+ if (write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO)) == -1)
-+ exit(FALSE);
-+ exit(FALSE);
++ // Send expected data to parent but invalidate them with error
++ // return code
++ write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO));
++ exit(EXIT_VIEWER_ERROR);
+ }
+
+ if (out_plugin_info) {
@@ -113,9 +202,9 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+
+ dlclose(handle);
+ if (write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO)) == -1)
-+ exit(FALSE);
++ exit(EXIT_VIEWER_ERROR);
+
-+ exit(TRUE);
++ exit(EXIT_VIEWER_OK);
+ }
+ else {
+ //close write
@@ -131,7 +220,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+ ;
+
+ if (WIFEXITED(status)) {
-+ if (WEXITSTATUS(status) != TRUE)
++ if (WEXITSTATUS(status) != EXIT_VIEWER_OK)
+ return FALSE;
+ }
+
@@ -150,7 +239,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
return FALSE;
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h
--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h.dlopen 2007-10-29 14:52:54.000000000 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h 2012-12-13 09:23:53.435285639 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h 2012-12-13 14:59:38.088080096 +0100
@@ -53,6 +53,8 @@ int is_plugin_fd_64(int fd, NPW_PLUGINI
int is_plugin_fd(int fd, NPW_PLUGININFO * out_plugin_info);
int is_plugin(const char *filename, NPW_PLUGININFO * out_plugin_info);
More information about the scm-commits
mailing list