2 * Copyright (C) 2011 - David Goulet <david.goulet@polymtl.ca>
3 * Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License, version 2 only,
7 * as published by the Free Software Foundation.
9 * This program is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * You should have received a copy of the GNU General Public License along
15 * with this program; if not, write to the Free Software Foundation, Inc.,
16 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 #include <sys/types.h>
32 #include <sys/signal.h>
34 #include <common/common.h>
35 #include <common/utils.h>
36 #include <common/compat/mman.h>
37 #include <common/compat/clone.h>
41 #define RUNAS_CHILD_STACK_SIZE 10485760
48 /* FreeBSD MAP_STACK always return -ENOMEM */
49 #define LTTNG_MAP_STACK 0
51 #define LTTNG_MAP_STACK MAP_STACK
55 #define MAP_GROWSDOWN 0
59 #define MAP_ANONYMOUS MAP_ANON
63 int (*cmd
)(void *data
);
70 struct run_as_mkdir_data
{
75 struct run_as_open_data
{
91 return !getenv("LTTNG_DEBUG_NOCLONE");
96 * Create recursively directory using the FULL path.
99 int _mkdir_recursive(void *_data
)
101 struct run_as_mkdir_data
*data
= _data
;
108 return utils_mkdir_recursive(path
, mode
);
112 int _mkdir(void *_data
)
115 struct run_as_mkdir_data
*data
= _data
;
117 ret
= mkdir(data
->path
, data
->mode
);
126 int _open(void *_data
)
128 struct run_as_open_data
*data
= _data
;
129 return open(data
->path
, data
->flags
, data
->mode
);
133 int child_run_as(void *_data
)
136 struct run_as_data
*data
= _data
;
141 * Child: it is safe to drop egid and euid while sharing the
142 * file descriptors with the parent process, since we do not
143 * drop "uid": therefore, the user we are dropping egid/euid to
144 * cannot attach to this process with, e.g. ptrace, nor map this
147 if (data
->gid
!= getegid()) {
148 ret
= setegid(data
->gid
);
155 if (data
->uid
!= geteuid()) {
156 ret
= seteuid(data
->uid
);
164 * Also set umask to 0 for mkdir executable bit.
167 sendret
= (*data
->cmd
)(data
->data
);
170 /* send back return value */
171 writelen
= lttng_write(data
->retval_pipe
, &sendret
, sizeof(sendret
));
172 if (writelen
< sizeof(sendret
)) {
173 PERROR("lttng_write error");
181 int run_as_clone(int (*cmd
)(void *data
), void *data
, uid_t uid
, gid_t gid
)
183 struct run_as_data run_as_data
;
193 * If we are non-root, we can only deal with our own uid.
195 if (geteuid() != 0) {
196 if (uid
!= geteuid()) {
197 ERR("Client (%d)/Server (%d) UID mismatch (and sessiond is not root)",
203 ret
= pipe(retval_pipe
);
209 run_as_data
.data
= data
;
210 run_as_data
.cmd
= cmd
;
211 run_as_data
.uid
= uid
;
212 run_as_data
.gid
= gid
;
213 run_as_data
.retval_pipe
= retval_pipe
[1]; /* write end */
214 child_stack
= mmap(NULL
, RUNAS_CHILD_STACK_SIZE
,
215 PROT_WRITE
| PROT_READ
,
216 MAP_PRIVATE
| MAP_GROWSDOWN
| MAP_ANONYMOUS
| LTTNG_MAP_STACK
,
218 if (child_stack
== MAP_FAILED
) {
224 * Pointing to the middle of the stack to support architectures
225 * where the stack grows up (HPPA).
227 pid
= lttng_clone_files(child_run_as
, child_stack
+ (RUNAS_CHILD_STACK_SIZE
/ 2),
234 /* receive return value */
235 readlen
= lttng_read(retval_pipe
[0], &retval
, sizeof(retval
));
236 if (readlen
< sizeof(retval
)) {
241 * Parent: wait for child to return, in which case the
242 * shared memory map will have been created.
244 pid
= waitpid(pid
, &status
, 0);
245 if (pid
< 0 || !WIFEXITED(status
) || WEXITSTATUS(status
) != 0) {
250 ret
= munmap(child_stack
, RUNAS_CHILD_STACK_SIZE
);
256 ret
= close(retval_pipe
[0]);
260 ret
= close(retval_pipe
[1]);
269 * To be used on setups where gdb has issues debugging programs using
270 * clone/rfork. Note that this is for debuging ONLY, and should not be
274 int run_as_noclone(int (*cmd
)(void *data
), void *data
, uid_t uid
, gid_t gid
)
287 int run_as(int (*cmd
)(void *data
), void *data
, uid_t uid
, gid_t gid
)
292 DBG("Using run_as_clone");
293 pthread_mutex_lock(<tng_libc_state_lock
);
294 ret
= run_as_clone(cmd
, data
, uid
, gid
);
295 pthread_mutex_unlock(<tng_libc_state_lock
);
298 DBG("Using run_as_noclone");
299 return run_as_noclone(cmd
, data
, uid
, gid
);
304 int run_as_mkdir_recursive(const char *path
, mode_t mode
, uid_t uid
, gid_t gid
)
306 struct run_as_mkdir_data data
;
308 DBG3("mkdir() recursive %s with mode %d for uid %d and gid %d",
309 path
, mode
, uid
, gid
);
312 return run_as(_mkdir_recursive
, &data
, uid
, gid
);
316 int run_as_mkdir(const char *path
, mode_t mode
, uid_t uid
, gid_t gid
)
318 struct run_as_mkdir_data data
;
320 DBG3("mkdir() %s with mode %d for uid %d and gid %d",
321 path
, mode
, uid
, gid
);
324 return run_as(_mkdir
, &data
, uid
, gid
);
328 * Note: open_run_as is currently not working. We'd need to pass the fd
329 * opened in the child to the parent.
332 int run_as_open(const char *path
, int flags
, mode_t mode
, uid_t uid
, gid_t gid
)
334 struct run_as_open_data data
;
336 DBG3("open() %s with flags %X mode %d for uid %d and gid %d",
337 path
, flags
, mode
, uid
, gid
);
341 return run_as(_open
, &data
, uid
, gid
);
This page took 0.037215 seconds and 5 git commands to generate.
projects / lttng-tools.git / blob