diff options
| author |  Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-02 12:43:35 -0300 |
|---|---|---|
| committer | Kelvin M. Klann <kmk3.code@protonmail.com> | 2021-10-02 15:41:02 -0300 |
| commit | 3050ef0353e002a3c33214f039a64c2871650ca2 (patch) | |
| tree | 94f9a64ca7144b6e38b49ae5b80ec4484667253c | |
| parent | Merge pull request #4585 from smitsohu/euid (diff) | |
| download | firejail-3050ef0353e002a3c33214f039a64c2871650ca2.tar.gz firejail-3050ef0353e002a3c33214f039a64c2871650ca2.tar.zst firejail-3050ef0353e002a3c33214f039a64c2871650ca2.zip | |
s/S_IWRITE/S_IWUSR/
They are equivalent, but only the latter is POSIX. See sys_stat.h(0p)
of POSIX.1-2017[1]. From Section 14.9.5, The Mode Bits for Access
Permission of the glibc manual[2]:
> S_IWUSR
> S_IWRITE
>
> Write permission bit for the owner of the file. Usually 0200.
> S_IWRITE is an obsolete synonym provided for BSD compatibility.
Current usage:
$ git grep -F S_IWRITE -- src | wc -l
11
$ git grep -F S_IWUSR -- src | wc -l
26
Commands used to search and replace:
$ git grep -l -z S_IWRITE -- src | xargs -0 -I '{}' sh -c \
"printf '%s\n' \"\`sed 's/S_IWRITE/S_IWUSR/g' '{}'\`\" >'{}'"
Note: The other related non-POSIX macros are not used anywhere:
$ git grep -F -e S_IREAD -e S_IEXEC -- src
$
[1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_stat.h.html
[2] https://www.gnu.org/software/libc/manual/html_node/Permission-Bits.html
| -rw-r--r-- | src/firejail/chroot.c | 2 | ||||
| -rw-r--r-- | src/firejail/fs_hostname.c | 4 | ||||
| -rw-r--r-- | src/firejail/fs_trace.c | 6 | ||||
| -rw-r--r-- | src/firejail/fs_var.c | 6 | ||||
| -rw-r--r-- | src/firejail/ls.c | 2 | ||||
| -rw-r--r-- | src/firejail/sandbox.c | 2 |
6 files changed, 11 insertions, 11 deletions
diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index 37ec22117..9425638ea 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c | |||
| @@ -86,7 +86,7 @@ static void update_file(int parentfd, const char *relpath) { | |||
| 86 | if (arg_debug) | 86 | if (arg_debug) |
| 87 | printf("Updating chroot /%s\n", relpath); | 87 | printf("Updating chroot /%s\n", relpath); |
| 88 | unlinkat(parentfd, relpath, 0); | 88 | unlinkat(parentfd, relpath, 0); |
| 89 | int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 89 | int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 90 | if (out == -1) { | 90 | if (out == -1) { |
| 91 | close(in); | 91 | close(in); |
| 92 | goto errout; | 92 | goto errout; |
diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 7d320e90b..43f6e658e 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c | |||
| @@ -33,7 +33,7 @@ void fs_hostname(const char *hostname) { | |||
| 33 | if (arg_debug) | 33 | if (arg_debug) |
| 34 | printf("Creating a new /etc/hostname file\n"); | 34 | printf("Creating a new /etc/hostname file\n"); |
| 35 | 35 | ||
| 36 | create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 36 | create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 37 | 37 | ||
| 38 | // bind-mount the file on top of /etc/hostname | 38 | // bind-mount the file on top of /etc/hostname |
| 39 | if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0) | 39 | if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0) |
| @@ -75,7 +75,7 @@ void fs_hostname(const char *hostname) { | |||
| 75 | } | 75 | } |
| 76 | fclose(fp1); | 76 | fclose(fp1); |
| 77 | // mode and owner | 77 | // mode and owner |
| 78 | SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 78 | SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 79 | fclose(fp2); | 79 | fclose(fp2); |
| 80 | 80 | ||
| 81 | // bind-mount the file on top of /etc/hostname | 81 | // bind-mount the file on top of /etc/hostname |
diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 475a391ec..dd9abe253 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c | |||
| @@ -36,7 +36,7 @@ void fs_trace_preload(void) { | |||
| 36 | FILE *fp = fopen("/etc/ld.so.preload", "wxe"); | 36 | FILE *fp = fopen("/etc/ld.so.preload", "wxe"); |
| 37 | if (!fp) | 37 | if (!fp) |
| 38 | errExit("fopen"); | 38 | errExit("fopen"); |
| 39 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 39 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 40 | fclose(fp); | 40 | fclose(fp); |
| 41 | fs_logger("touch /etc/ld.so.preload"); | 41 | fs_logger("touch /etc/ld.so.preload"); |
| 42 | } | 42 | } |
| @@ -47,7 +47,7 @@ void fs_tracefile(void) { | |||
| 47 | if (arg_debug) | 47 | if (arg_debug) |
| 48 | printf("Creating an empty trace log file: %s\n", arg_tracefile); | 48 | printf("Creating an empty trace log file: %s\n", arg_tracefile); |
| 49 | EUID_USER(); | 49 | EUID_USER(); |
| 50 | int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 50 | int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 51 | if (fd == -1) { | 51 | if (fd == -1) { |
| 52 | perror("open"); | 52 | perror("open"); |
| 53 | fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile); | 53 | fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile); |
| @@ -100,7 +100,7 @@ void fs_trace(void) { | |||
| 100 | fmessage("Post-exec seccomp protector enabled\n"); | 100 | fmessage("Post-exec seccomp protector enabled\n"); |
| 101 | } | 101 | } |
| 102 | 102 | ||
| 103 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 103 | SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 104 | fclose(fp); | 104 | fclose(fp); |
| 105 | 105 | ||
| 106 | // mount the new preload file | 106 | // mount the new preload file |
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 20e262d80..12ffd8383 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c | |||
| @@ -129,7 +129,7 @@ void fs_var_log(void) { | |||
| 129 | /* coverity[toctou] */ | 129 | /* coverity[toctou] */ |
| 130 | FILE *fp = fopen("/var/log/wtmp", "wxe"); | 130 | FILE *fp = fopen("/var/log/wtmp", "wxe"); |
| 131 | if (fp) { | 131 | if (fp) { |
| 132 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); | 132 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); |
| 133 | fclose(fp); | 133 | fclose(fp); |
| 134 | } | 134 | } |
| 135 | fs_logger("touch /var/log/wtmp"); | 135 | fs_logger("touch /var/log/wtmp"); |
| @@ -137,7 +137,7 @@ void fs_var_log(void) { | |||
| 137 | // create an empty /var/log/btmp file | 137 | // create an empty /var/log/btmp file |
| 138 | fp = fopen("/var/log/btmp", "wxe"); | 138 | fp = fopen("/var/log/btmp", "wxe"); |
| 139 | if (fp) { | 139 | if (fp) { |
| 140 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP); | 140 | SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); |
| 141 | fclose(fp); | 141 | fclose(fp); |
| 142 | } | 142 | } |
| 143 | fs_logger("touch /var/log/btmp"); | 143 | fs_logger("touch /var/log/btmp"); |
| @@ -314,7 +314,7 @@ void fs_var_utmp(void) { | |||
| 314 | // save new utmp file | 314 | // save new utmp file |
| 315 | int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp); | 315 | int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp); |
| 316 | (void) rv; | 316 | (void) rv; |
| 317 | SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); | 317 | SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); |
| 318 | fclose(fp); | 318 | fclose(fp); |
| 319 | 319 | ||
| 320 | // mount the new utmp file | 320 | // mount the new utmp file |
diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 70985ba9e..53e918dde 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c | |||
| @@ -305,7 +305,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { | |||
| 305 | } | 305 | } |
| 306 | // create destination file if necessary | 306 | // create destination file if necessary |
| 307 | EUID_ASSERT(); | 307 | EUID_ASSERT(); |
| 308 | int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWRITE); | 308 | int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWUSR); |
| 309 | if (fd == -1) { | 309 | if (fd == -1) { |
| 310 | fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname); | 310 | fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname); |
| 311 | exit(1); | 311 | exit(1); |
diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 83e50aee2..5e0e849b9 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c | |||
| @@ -204,7 +204,7 @@ static void save_umask(void) { | |||
| 204 | } | 204 | } |
| 205 | 205 | ||
| 206 | static char *create_join_file(void) { | 206 | static char *create_join_file(void) { |
| 207 | int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); | 207 | int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); |
| 208 | if (fd == -1) | 208 | if (fd == -1) |
| 209 | errExit("open"); | 209 | errExit("open"); |
| 210 | if (ftruncate(fd, 1) == -1) | 210 | if (ftruncate(fd, 1) == -1) |