aboutsummaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2020-11-20checkpath: fix CVE-2018-21269William Hubbs
This walks the directory path to the file we are going to manipulate to make sure that when we create the file and change the ownership and permissions we are working on the same file. Also, all non-terminal symbolic links must be owned by root. This will keep a non-root user from making a symbolic link as described in the bug. If root creates the symbolic link, it is assumed to be trusted. On non-linux platforms, we no longer follow non-terminal symbolic links by default. If you need to do that, add the -s option on the checkpath command line, but keep in mind that this is not secure. This fixes #201.
2020-09-25supervise-daemon: only log debug logs when verbose mode is activeWilliam Hubbs
2020-01-19src/rc/rc-logger.h: fix build failure against gcc-10Sergei Trofimovich
On gcc-10 (and gcc-9 -fno-common) build fails as: ``` cc -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \ -Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \ -Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \ -Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \ -Wsequence-point -Werror=implicit-function-declaration \ -Wl,-rpath=/lib -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16: multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17: multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here ``` gcc-10 will change the default from -fcommon to fno-common: https://gcc.gnu.org/PR85678. The error also happens if CFLAGS=-fno-common passed explicitly. This fixes #348.
2020-01-11supervise-daemon: Fix segfault when executable does not existWolf
When executable is provided just by name (and therefore searched in a path), exec_file is reset to NULL every time. exists() handles it being NULL just fine, but dereferencing it in eerror does not work. Fixes #326 Fixes #327
2019-12-05openrc-shutdown.c: typo fixWilliam Hubbs
2019-08-20fix clang buildWilliam Hubbs
2019-08-19fix single user modeWilliam Hubbs
2019-08-15fix sysvinit compatibilityWilliam Hubbs
This allows openrc to direct sysvinit to shut down the system by setting the INIT_HALT environment variable appropriately. Also, we do not try to communicate with sysvinit if its fifo does not exist.
2019-07-25add ability for openrc-shutdown to communicate with sysvinitWilliam Hubbs
This fixes #315.
2019-07-24Fix build with ClangMartin Wilke
This fixes #313.
2019-03-29supervise-daemon: allow --respawn-max to be zeroWilliam Hubbs
2019-02-26remove hidden-visibility.hWilliam Hubbs
I am removing this on the advice of a member of the Gentoo toolchain team. It was explained to me that this doesn't offer any significant benefits to OpenRC. If anyone ffeels differently, please open a pull request reverting this and adding an explanation of what it does and how to know which functions to mark hidden in the future. This fixes #301.
2019-02-25openrc-init: fix waitpid checksWilliam Hubbs
The do_openrc() function was not waiting properly for the child process which started the runlevel to return. We need to repeatedly call waitpid() until its return value matches the pid of the child process or the child process does not exist. This fixes #216. This fixes #300.
2019-02-23librc: fix potential buffer overflow in pid_is_argvWilliam Hubbs
This fixes #299.
2019-02-23Revert "src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv"William Hubbs
This reverts commit 084877eb52971faf8f52c780ddd08ed9af140eb6. The mentioned commit caused some systems to have some services reported as crashed. This fixes #297. This fixes #298.
2019-02-22combine test directoriesWilliam Hubbs
This fixes #295.
2019-02-22remove unused test ignore patternsWilliam Hubbs
2019-02-22remove unused test data filesWilliam Hubbs
2019-02-21librc/librc-depend.c: fix NULL pointer dereferenceGeorgy Yakovlev
In some cases deptree or depinfo can be NULL, check before dereferencing. Fixes https://github.com/OpenRC/openrc/issues/293 Fixes https://github.com/OpenRC/openrc/pulls/294 X-Gentoo-Bug: 659906 X-Gentoo-Bug-URL: https://bugs.gentoo.org/659906
2019-02-19src/test/runtests.sh: drop 'readelf'-based testsSergei Trofimovich
The 'readelf'-based tests cover a few situations: 1. undefined symbols in shared libraries 2. unexpected exports in shared libraries Bug #575958 shows that [2.] implementation is too simplistic in assuming that presence of relocation equals to export presence. It is incorrect for PLT stubs and local symbols. Let's just drop these tests. If one needs to cover [1.] it is better to use LDFLAGS=-Wl,--no-undefined. This closes #292. X-Reported-by: Benda Xu X-Gentoo-Bug: https://bugs.gentoo.org/575958 X-Gentoo-Bug-URL: https://bugs.gentoo.org/575958
2019-02-15rc-status: style fixesWilliam Hubbs
2019-02-15rc-status: add -f option to allow formatting outputWilliam Hubbs
The -f option can be used when showing the status of services in runlevels to allow making the output more easily parsable. Currently, the .ini format is the only one supported.
2019-02-14rc-status.c: small style changesWilliam Hubbs
2019-02-12librc: fix realpath() return value checkEdan Bedrik
This fixes #226.
2019-02-12improve shutdown documentationWilliam Hubbs
This fixes #290.
2018-12-28start-stop-daemon: fix compiler warningWilliam Hubbs
2018-12-27fix leading whitespacephilhofer
Clean up code indented with mixed tabs and spaces. No actual code changes. This fixes #280.
2018-12-27fix potential out-of-bounds readsphilhofer
readlink(3) does not nul-terminate the result it sticks into the supplied buffer. Consequently, the code rc = readlink(path, buf, sizeof(buf)); does not necessarily produce a C string. The code in rc_find_pid() produces some C strings this way and passes them to strlen() and strcmp(), which can lead to an out-of-bounds read. In this case, since the code already takes care to zero-initialize the buffers before passing them to readlink(3), only allow sizeof(buf)-1 bytes to be returned. (While fixing this issue, I fixed two other locations that used the same problematic pattern.) This fixes #270.
2018-12-25Do not use UT_LINESIZE or __UT_LINESIZEWilliam Hubbs
These are not standard. For more information see issue #279. This fixes #279.
2018-12-24src/librc/librc-daemon.c: fix buffer overrun in pid_is_argvphilhofer
The contents of /proc/<pid>/cmdline are read into a stack buffer using bytes = read(fd, buffer, sizeof(buffer)); followed by appending a null terminator to the buffer with buffer[bytes] = '\0'; If bytes == sizeof(buffer), then this write is out-of-bounds. Refactor the code to use rc_getfile instead, since PATH_MAX is not the maximum size of /proc/<pid>/cmdline. (I hit this issue in practice while compiling Linux; it tripped the stack-smashing protector.) This is roughly the same buffer overflow condition that was fixed by commit 0ddee9b7d2b8dea810e252ca6a95c457876df120 This fixes #269.
2018-12-24src/rc/supervise-daemon.c: formatting fixesphilhofer
Fix misleading indentation and other erroneous whitespace. This fixes #273.
2018-12-23src/rc/supervise-daemon.c: do not pass NULL to strcmpphilhofer
The following will cause a segfault due to NULL being passed to strcmp(3) $ RC_SVCNAME=foo supervise-daemon Fix the bounds check on argc in main. If argc<=1, then it is not safe to dereference argv[1].
2018-12-23src/rc/openrc-run.c: remove duplicate statementphilhofer
The statement ll = strlen(applet); appears twice in the same block without any intervening assignment to the variables 'll' or 'applet' Remove the second (duplicate) statement.
2018-12-21fix compiler warningsWilliam Hubbs
2018-12-20supervise-daemon: do not use the exec_service() functionWilliam Hubbs
In order to run healthcheck() and the unhealthy() function, add an exec_command call to the supervisor. Another difference is This function also logs errors instead of attempting to display them. This is for #271.
2018-12-18Add debug logging to start-stop-daemon and rc-supervisorWilliam Hubbs
This will make it easier to track down why the supervisor intermittently hangs after it runs for a long time.
2018-12-06supervise-daemon: fix busy loopWilliam Hubbs
This fixes #264.
2018-12-04supervise-daemon: redirect std{in,out,err} to /dev/null after demonizingAlexander Zubkov
This fixes #239.
2018-12-03misc: make checks always fatalAustin English
This fixes #263.
2018-12-03src/rc/supervise-daemon.c: fix style issueAustin English
This is for #263.
2018-12-03rc-status: show status for supervised services instead of a listWilliam Hubbs
2018-12-03supervise-daemon: use a default pid file if one is not specifiedWilliam Hubbs
Since the pid file is internal to us, start moving toward deprecating it by not requiring the user to specify it. In the next release, I plan on working on code to start phasing out the use of a pid file if this is possible.
2018-12-02rc-status: add --supervised option to show supervised servicesWilliam Hubbs
2018-12-02rc-status: show failed services as failedWilliam Hubbs
2018-12-02supervise-daemon: mark a service failed if it respawns too many timesWilliam Hubbs
2018-12-02supervise-daemon: make respawn-max and respawn-period independent settingsWilliam Hubbs
2018-12-02supervise-daemon: add support for a fifoWilliam Hubbs
This will allow us to signal the daemon we are supervising as well as send other commands to the supervisor in the future. This fixes #227.
2018-12-02supervise-daemon: rework signal handling and main loopWilliam Hubbs
This is needed in preparation for adding support for a fifo to allow us to communicate with the supervisor to ask it to signal the child it is supervising.
2018-12-02Revert "checkpath: use O_PATH when available"William Hubbs
This reverts commit 2af0cedd5952d7da71681b7a636dff3540e4295d. After speaking with Luis Ressel on the Gentoo selinux team, I am reverting this commit for the following reasons: - Luis told me that he feels this is not the solution we need to address the concern with checkpath; I will be working with him on another solution. - There are concerns about the way the path variable was handled and the assert() call. The path variable should be dynamically allocated using xasprintf instead of defining a length at compile time. This would eliminate the need for the assert() call. - It introduces the definition of _GNU_SOURCE which makes it easier to introduce portability concerns in the future (see #262).
2018-12-01checkpath: use O_PATH when availableMike Gilbert
This avoids opening directories/files with read permission, which is sometimes rejected by selinux policy. Bug: https://bugs.gentoo.org/667122