[nspluginwrapper/f16] Final dlopen patch for Bug #870108
Martin Stransky
stransky at fedoraproject.org
Fri Dec 14 11:06:13 UTC 2012
commit 6ed006ea993780dd55fed7536c685d5f61864a5d
Author: Martin Stransky <stransky at anakreon.cz>
Date: Fri Dec 14 12:06:02 2012 +0100
Final dlopen patch for Bug #870108
nspluginwrapper.spec | 6 +-
plugin-config-dlopen.patch | 214 +++++++++++++++++++++++++++++++++++---------
2 files changed, 174 insertions(+), 46 deletions(-)
---
diff --git a/nspluginwrapper.spec b/nspluginwrapper.spec
index 0572c5b..b94f4ca 100644
--- a/nspluginwrapper.spec
+++ b/nspluginwrapper.spec
@@ -85,7 +85,7 @@
Summary: A compatibility layer for Netscape 4 plugins
Name: nspluginwrapper
Version: 1.4.4
-Release: 15%{?dist}
+Release: 16%{?dist}
License: GPLv2+
Group: Applications/Internet
Url: http://gwenole.beauchesne.info/projects/nspluginwrapper/
@@ -148,9 +148,9 @@ pushd %plugin_config_name
%patch102 -p2 -b .print
%patch103 -p2 -b .non-native
%patch104 -p2 -b .time
-%patch105 -p2 -b .dlopen
%patch106 -p2 -b .help
popd
+%patch105 -p1 -b .dlopen
%build
# Build wrapper
@@ -267,7 +267,7 @@ fi;
%changelog
-* Thu Dec 13 2012 Martin Stransky <stransky at redhat.com> 1.4.4-14
+* Thu Dec 13 2012 Martin Stransky <stransky at redhat.com> 1.4.4-16
- Fixed bug #870108 - plugin-config should not call dlopen()
- Fixed plugin-config help
diff --git a/plugin-config-dlopen.patch b/plugin-config-dlopen.patch
index 509465b..a2665a6 100644
--- a/plugin-config-dlopen.patch
+++ b/plugin-config-dlopen.patch
@@ -1,13 +1,15 @@
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c
---- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen 2012-12-13 14:59:38.017080096 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c 2012-12-13 14:59:38.021080096 +0100
-@@ -260,36 +260,29 @@ int is_setuid(void)
- /*
- * Drop root UID
- */
+--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen 2012-12-14 11:48:58.414171680 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c 2012-12-14 11:48:58.415171685 +0100
+@@ -257,39 +257,46 @@ int is_setuid(void)
+ return(geteuid() == 0 && getuid() != 0);
+ }
+
+-/*
+- * Drop root UID
+- */
-int drop_setuid(void)
-+int drop_root(void)
- {
+-{
- if(is_setuid()) {
- if(setgid(getgid()) < 0)
- return(FALSE);
@@ -15,18 +17,33 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen nspl
- return(FALSE);
- }
- return(TRUE);
--}
-+ static uid_t user_uid = -1;
-+ static gid_t user_gid = -1;
-+ const char* username = "nobody";
++
++int get_user_uid_gid(const char *username, uid_t *uid, gid_t *gid)
++{
++ struct passwd *passwd_entry;
++
++ if ((passwd_entry = getpwnam(username)) == NULL)
++ return FALSE;
++
++ *uid = passwd_entry->pw_uid;
++ *gid = passwd_entry->pw_gid;
++
++ return TRUE;
+ }
--/*
+ /*
- * Drop root UID, leave it only for filesystem
-- */
--int drop_root(void)
++ * Drop root UID
+ */
+ int drop_root(void)
-{
- if(is_setuid()) {
- return(drop_setuid());
++{
++ static uid_t user_uid = -1;
++ static gid_t user_gid = -1;
++ const char* username = "nobody";
++
+ // get user uid and gid
+ if (user_uid == -1 || user_gid == -1) {
+ if (!get_user_uid_gid(username, &user_uid, &user_gid))
@@ -55,7 +72,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen nspl
char * get_prefix(char *p_prefix, int max_len, int s_bits, int t_bits)
{
snprintf(p_prefix,max_len,"nswrapper_%d_%d",s_bits,t_bits);
-@@ -321,7 +314,7 @@ int check_plugin_viewer(const char *plug
+@@ -321,7 +328,7 @@ int check_plugin_viewer(const char *plug
return(FALSE);
}
else if (pid == 0) {
@@ -66,7 +83,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.c.dlopen nspl
if(access(p_viewer, X_OK) != 0) {
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h
--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h.dlopen 2007-10-31 10:46:34.000000000 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h 2012-12-13 15:01:29.032082629 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h 2012-12-14 11:48:58.416171689 +0100
@@ -36,6 +36,13 @@ typedef struct _WRAP_PLUGIN {
} WRAP_PLUGIN;
@@ -91,7 +108,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-config.h.dlopen nspl
#endif // __PLUGIN_CONFIG_H__
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c
--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen 2007-11-06 12:48:18.000000000 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c 2012-12-13 15:02:10.082083566 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c 2012-12-14 11:48:58.416171689 +0100
@@ -49,6 +49,9 @@
#include <asm/types.h>
@@ -102,12 +119,9 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
/* ELF decoder derived from QEMU code */
-@@ -815,39 +818,110 @@ int is_wrapper_plugin_fd (int fd)
- return FALSE;
- }
+@@ -817,37 +820,96 @@ int is_wrapper_plugin_fd (int fd)
--int get_wrapper_plugin_info(const char *plugin_path, NPW_PLUGININFO *out_plugin_info)
-+int get_user_uid_gid(const char *username, uid_t *uid, gid_t *gid)
+ int get_wrapper_plugin_info(const char *plugin_path, NPW_PLUGININFO *out_plugin_info)
{
- void *handle = dlopen(plugin_path, RTLD_LAZY);
- if (handle == NULL)
@@ -115,20 +129,8 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
- if (dlsym(handle, "NP_Initialize") == NULL)
- return FALSE;
- if (dlsym(handle, "NP_Shutdown") == NULL)
-+ struct passwd *passwd_entry;
-+
-+ if ((passwd_entry = getpwnam(username)) == NULL)
- return FALSE;
+- return FALSE;
- if (dlsym(handle, "NP_GetMIMEDescription") == NULL)
-+
-+ *uid = passwd_entry->pw_uid;
-+ *gid = passwd_entry->pw_gid;
-+
-+ return TRUE;
-+}
-+
-+int get_wrapper_plugin_info(const char *plugin_path, NPW_PLUGININFO *out_plugin_info)
-+{
+ int fd[2];
+
+ // initialize pipe
@@ -169,10 +171,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+ // return code
+ write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO));
+ exit(EXIT_VIEWER_ERROR);
- }
-- }
-- dlclose(handle);
-- return TRUE;
++ }
+ else {
+ //check if necessary symbols are presented
+ if ((dlsym(handle, "NP_Initialize") == NULL) ||
@@ -198,9 +197,13 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
+ plugin_info.target_os[NPW_PLUGININFO_TARGET_LENGTH-1] = '\0';
+ }
+ }
-+ }
+ }
+- }
+- dlclose(handle);
+- return TRUE;
+
-+ dlclose(handle);
++ /* Intentionally leak the handle; many libraries crash when unloaded. */
++ /* dlclose(handle); */
+ if (write(fd[1], &plugin_info, sizeof(NPW_PLUGININFO)) == -1)
+ exit(EXIT_VIEWER_ERROR);
+
@@ -239,7 +242,7 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.c.dlopen n
return FALSE;
diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h.dlopen nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h
--- nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h.dlopen 2007-10-29 14:52:54.000000000 +0100
-+++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h 2012-12-13 14:59:38.088080096 +0100
++++ nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h 2012-12-14 11:48:58.417171693 +0100
@@ -53,6 +53,8 @@ int is_plugin_fd_64(int fd, NPW_PLUGINI
int is_plugin_fd(int fd, NPW_PLUGININFO * out_plugin_info);
int is_plugin(const char *filename, NPW_PLUGININFO * out_plugin_info);
@@ -249,3 +252,128 @@ diff -up nspluginwrapper-1.4.4/plugin-config-1.9/src/plugin-detection.h.dlopen n
int is_wrapper_plugin_handle(void *handle, NPW_PLUGININFO * out_plugin_info);
int is_wrapper_plugin(const char *plugin_path, NPW_PLUGININFO * out_plugin_info);
+diff -up nspluginwrapper-1.4.4/src/npw-config.c.dlopen nspluginwrapper-1.4.4/src/npw-config.c
+--- nspluginwrapper-1.4.4/src/npw-config.c.dlopen 2012-12-14 11:48:58.383171524 +0100
++++ nspluginwrapper-1.4.4/src/npw-config.c 2012-12-14 11:59:45.276355433 +0100
+@@ -126,6 +126,42 @@ static int strexpand(char *dst, int dstl
+ return 0;
+ }
+
++static int get_user_uid_gid(const char *username, uid_t *uid, gid_t *gid)
++{
++ struct passwd *passwd_entry;
++
++ if ((passwd_entry = getpwnam(username)) == NULL)
++ return FALSE;
++
++ *uid = passwd_entry->pw_uid;
++ *gid = passwd_entry->pw_gid;
++
++ return TRUE;
++}
++
++static int drop_root(void)
++{
++ static uid_t user_uid = -1;
++ static gid_t user_gid = -1;
++ const char* username = "nobody";
++
++ // get user uid and gid
++ if (user_uid == -1 || user_gid == -1) {
++ if (!get_user_uid_gid(username, &user_uid, &user_gid))
++ return FALSE;
++ }
++
++ //identify as nspluginwrapper user
++ if(setgid(user_gid) == -1) {
++ return FALSE;
++ }
++ if(setuid(user_uid) == -1) {
++ return FALSE;
++ }
++
++ return TRUE;
++}
++
+ static const char *get_system_mozilla_plugin_dir(void)
+ {
+ static const char default_dir[] = LIBDIR "/mozilla/plugins";
+@@ -363,6 +399,8 @@ static bool is_plugin_viewer_ok(const ch
+ if (pid < 0)
+ return false;
+ if (pid == 0) {
++ if(!drop_root())
++ exit(1);
+ if (!g_verbose) {
+ // don't spit out errors in non-verbose mode, we only need
+ // to know whether there is a valid viewer or not
+@@ -531,16 +569,62 @@ static bool is_wrapper_plugin_handle(voi
+ return true;
+ }
+
++#define EXIT_ERROR (-1)
++#define EXIT_WRAPPED (0)
++#define EXIT_NOT_WRAPPED (1)
++
+ static bool is_wrapper_plugin(const char *plugin_path, NPW_PluginInfo *out_plugin_info)
+ {
+- void *handle = dlopen(plugin_path, RTLD_LAZY);
+- if (handle == NULL)
+- return false;
++ int fd[2];
+
+- bool ret = is_wrapper_plugin_handle(handle, out_plugin_info);
+- /* Intentionally leak the handle; many libraries crash when unloaded. */
+- /* dlclose(handle); */
+- return ret;
++ // initialize pipe
++ if (pipe(fd) == -1)
++ return FALSE;
++
++ int pid = fork();
++ if (pid < 0) {
++ return FALSE;
++ }
++ else if (pid == 0) {
++ NPW_PluginInfo plugin_info;
++ bool is_wrapped = false;
++
++ //close read
++ close(fd[0]);
++
++ if(!drop_root())
++ exit(EXIT_ERROR);
++
++ void *handle = dlopen(plugin_path, RTLD_LAZY);
++ if (handle != NULL) {
++ is_wrapped = is_wrapper_plugin_handle(handle, &plugin_info);
++ /* Intentionally leak the handle; many libraries crash when unloaded. */
++ /* dlclose(handle); */
++ }
++
++ if (write(fd[1], &plugin_info, sizeof(NPW_PluginInfo)) == -1)
++ exit(EXIT_ERROR);
++
++ exit(is_wrapped ? EXIT_WRAPPED : EXIT_NOT_WRAPPED);
++ }
++ else {
++ //close write
++ close(fd[1]);
++ int status;
++ NPW_PluginInfo info;
++
++ //read result from child
++ if (read(fd[0], &info, sizeof(NPW_PluginInfo)) == -1)
++ return FALSE;
++
++ while (waitpid(pid, &status, 0) != pid)
++ ;
++
++ if (out_plugin_info)
++ *out_plugin_info = info;
++
++ return (WEXITSTATUS(status) == EXIT_WRAPPED);
++ }
+ }
+
+ static bool is_master_wrapper_plugin(const char *plugin_path)
More information about the scm-commits
mailing list