author | startx2017 <vradu.startx@yandex.com> | 2018-03-12 08:41:01 -0400 |
---|---|---|
committer | startx2017 <vradu.startx@yandex.com> | 2018-03-12 08:41:01 -0400 |
commit | 14b5746d8fba392c02733ce4c90befc32a93fb15 (patch) | |
tree | 2ac6a7de4adaafc730511a70f11b88aca1f47244 /src/fldd | |
parent | fix bash on CentOS 7 (diff) | |
private-lib bug: 32 bit libraries being copied instead of 64 bit versions; splitting common code for firejail and fldd in a common static library
Diffstat (limited to 'src/fldd')
-rw-r--r-- | src/fldd/Makefile.in | 6 | ||||
-rw-r--r-- | src/fldd/main.c | 55 |
2 files changed, 24 insertions, 37 deletions
diff --git a/src/fldd/Makefile.in b/src/fldd/Makefile.in index 7369c835b..e2bf4b787 100644 --- a/src/fldd/Makefile.in +++ b/src/fldd/Makefile.in | |||
@@ -33,11 +33,11 @@ BINOBJS = $(foreach file, $(OBJS), $file) | |||
33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security | 33 | CFLAGS += -ggdb $(HAVE_FATAL_WARNINGS) -O2 -DVERSION='"$(VERSION)"' $(HAVE_GCOV) -DPREFIX='"$(prefix)"' -DSYSCONFDIR='"$(sysconfdir)/firejail"' -DLIBDIR='"$(libdir)"' $(HAVE_X11) $(HAVE_PRIVATE_HOME) $(HAVE_APPARMOR) $(HAVE_OVERLAYFS) $(HAVE_SECCOMP) $(HAVE_GLOBALCFG) $(HAVE_SECCOMP_H) $(HAVE_CHROOT) $(HAVE_NETWORK) $(HAVE_USERNS) $(HAVE_BIND) $(HAVE_FILE_TRANSFER) $(HAVE_WHITELIST) -fstack-protector-all -D_FORTIFY_SOURCE=2 -fPIE -pie -Wformat -Wformat-security |
34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread | 34 | LDFLAGS += -pie -Wl,-z,relro -Wl,-z,now -lpthread |
35 | 35 | ||
36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h | 36 | %.o : %.c $(H_FILE_LIST) ../include/common.h ../include/syscall.h ../include/ldd_utils.h |
37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ | 37 | $(CC) $(CFLAGS) $(INCLUDE) -c $< -o $@ |
38 | 38 | ||
39 | fldd: $(OBJS) | 39 | fldd: $(OBJS) ../lib/ldd_utils.o |
40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) $(LIBS) $(EXTRA_LDFLAGS) | 40 | $(CC) $(LDFLAGS) -o $@ $(OBJS) ../lib/ldd_utils.o $(LIBS) $(EXTRA_LDFLAGS) |
41 | 41 | ||
42 | clean:; rm -f *.o fldd *.gcov *.gcda *.gcno | 42 | clean:; rm -f *.o fldd *.gcov *.gcda *.gcno |
43 | 43 | ||
diff --git a/src/fldd/main.c b/src/fldd/main.c index a0530c235..be4500d2a 100644 --- a/src/fldd/main.c +++ b/src/fldd/main.c | |||
@@ -19,8 +19,8 @@ | |||
19 | */ | 19 | */ |
20 | 20 | ||
21 | #include "../include/common.h" | 21 | #include "../include/common.h" |
22 | #include "../include/ldd_utils.h" | ||
22 | 23 | ||
23 | #include <elf.h> | ||
24 | #include <fcntl.h> | 24 | #include <fcntl.h> |
25 | #include <sys/mman.h> | 25 | #include <sys/mman.h> |
26 | #include <sys/mount.h> | 26 | #include <sys/mount.h> |
@@ -29,36 +29,10 @@ | |||
29 | #include <unistd.h> | 29 | #include <unistd.h> |
30 | #include <dirent.h> | 30 | #include <dirent.h> |
31 | 31 | ||
32 | #ifdef __LP64__ | ||
33 | #define Elf_Ehdr Elf64_Ehdr | ||
34 | #define Elf_Phdr Elf64_Phdr | ||
35 | #define Elf_Shdr Elf64_Shdr | ||
36 | #define Elf_Dyn Elf64_Dyn | ||
37 | #else | ||
38 | #define Elf_Ehdr Elf32_Ehdr | ||
39 | #define Elf_Phdr Elf32_Phdr | ||
40 | #define Elf_Shdr Elf32_Shdr | ||
41 | #define Elf_Dyn Elf32_Dyn | ||
42 | #endif | ||
43 | 32 | ||
44 | static int arg_quiet = 0; | 33 | static int arg_quiet = 0; |
45 | static void copy_libs_for_lib(const char *lib); | 34 | static void copy_libs_for_lib(const char *lib); |
46 | 35 | ||
47 | static const char * const default_lib_paths[] = { | ||
48 | "/lib", | ||
49 | "/lib/x86_64-linux-gnu", | ||
50 | "/lib64", | ||
51 | "/usr/lib", | ||
52 | "/usr/lib/x86_64-linux-gnu", | ||
53 | LIBDIR, | ||
54 | "/usr/local/lib", | ||
55 | "/usr/lib/x86_64-linux-gnu/mesa", // libGL.so is sometimes a symlink into this directory | ||
56 | "/usr/lib/x86_64-linux-gnu/mesa-egl", // libGL.so is sometimes a symlink into this directory | ||
57 | // "/usr/lib/x86_64-linux-gnu/plasma-discover", | ||
58 | NULL | ||
59 | }; | ||
60 | |||
61 | |||
62 | typedef struct storage_t { | 36 | typedef struct storage_t { |
63 | struct storage_t *next; | 37 | struct storage_t *next; |
64 | const char *name; | 38 | const char *name; |
@@ -107,7 +81,8 @@ static bool ptr_ok(const void *ptr, const void *base, const void *end, const cha | |||
107 | return r; | 81 | return r; |
108 | } | 82 | } |
109 | 83 | ||
110 | static void copy_libs_for_exe(const char *exe) { | 84 | |
85 | static void parse_elf(const char *exe) { | ||
111 | int f; | 86 | int f; |
112 | f = open(exe, O_RDONLY); | 87 | f = open(exe, O_RDONLY); |
113 | if (f < 0) { | 88 | if (f < 0) { |
@@ -132,6 +107,12 @@ static void copy_libs_for_exe(const char *exe) { | |||
132 | fprintf(stderr, "Warning fldd: %s is not an ELF executable or library\n", exe); | 107 | fprintf(stderr, "Warning fldd: %s is not an ELF executable or library\n", exe); |
133 | goto close; | 108 | goto close; |
134 | } | 109 | } |
110 | //unsigned char elfclass = ebuf->e_ident[EI_CLASS]; | ||
111 | //if (elfclass == ELFCLASS32) | ||
112 | //printf("%s 32bit\n", exe); | ||
113 | //else if (elfclass == ELFCLASS64) | ||
114 | //printf("%s 64bit\n", exe); | ||
115 | |||
135 | 116 | ||
136 | Elf_Phdr *pbuf = (Elf_Phdr *)(base + sizeof(*ebuf)); | 117 | Elf_Phdr *pbuf = (Elf_Phdr *)(base + sizeof(*ebuf)); |
137 | while (ebuf->e_phnum-- > 0 && ptr_ok(pbuf, base, end, "pbuf")) { | 118 | while (ebuf->e_phnum-- > 0 && ptr_ok(pbuf, base, end, "pbuf")) { |
@@ -227,11 +208,11 @@ static void copy_libs_for_lib(const char *lib) { | |||
227 | char *fname; | 208 | char *fname; |
228 | if (asprintf(&fname, "%s/%s", lib_path->name, lib) == -1) | 209 | if (asprintf(&fname, "%s/%s", lib_path->name, lib) == -1) |
229 | errExit("asprintf"); | 210 | errExit("asprintf"); |
230 | if (access(fname, R_OK) == 0) { | 211 | if (access(fname, R_OK) == 0 && is_lib_64(fname)) { |
231 | if (!storage_find(libs, fname)) { | 212 | if (!storage_find(libs, fname)) { |
232 | storage_add(&libs, fname); | 213 | storage_add(&libs, fname); |
233 | // libs may need other libs | 214 | // libs may need other libs |
234 | copy_libs_for_exe(fname); | 215 | parse_elf(fname); |
235 | } | 216 | } |
236 | free(fname); | 217 | free(fname); |
237 | return; | 218 | return; |
@@ -270,9 +251,9 @@ static void walk_directory(const char *dirname) { | |||
270 | 251 | ||
271 | // check regular so library | 252 | // check regular so library |
272 | char *ptr = strstr(entry->d_name, ".so"); | 253 | char *ptr = strstr(entry->d_name, ".so"); |
273 | if (ptr) { | 254 | if (ptr && is_lib_64(path)) { |
274 | if (*(ptr + 3) == '\0' || *(ptr + 3) == '.') { | 255 | if (*(ptr + 3) == '\0' || *(ptr + 3) == '.') { |
275 | copy_libs_for_exe(path); | 256 | parse_elf(path); |
276 | free(path); | 257 | free(path); |
277 | continue; | 258 | continue; |
278 | } | 259 | } |
@@ -356,8 +337,14 @@ printf("\n"); | |||
356 | errExit("stat"); | 337 | errExit("stat"); |
357 | if (S_ISDIR(s.st_mode)) | 338 | if (S_ISDIR(s.st_mode)) |
358 | walk_directory(argv[1]); | 339 | walk_directory(argv[1]); |
359 | else | 340 | else { |
360 | copy_libs_for_exe(argv[1]); | 341 | if (is_lib_64(argv[1])) |
342 | parse_elf(argv[1]); | ||
343 | else { | ||
344 | fprintf(stderr, "Error fldd: %s is not a 64bit program/library\n", argv[1]); | ||
345 | exit(1); | ||
346 | } | ||
347 | } | ||
361 | 348 | ||
362 | 349 | ||
363 | // print libraries and exit | 350 | // print libraries and exit |
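Review bot: The new `is_lib_64()` gate in `copy_libs_for_lib`, `walk_directory` and `main` hard-codes the 64-bit class, while the `#ifdef __LP64__` block this commit removes from main.c chose `Elf32_*` or `Elf64_*` by build. `is_lib_64()` lives in ldd_utils and is not shown here, but if it tests only for `ELFCLASS64`, a 32-bit build of fldd would skip every native library and `main` would exit with "not a 64bit program/library". The check is also made by path: `access()`, `is_lib_64()` and the `open()` in `parse_elf()` each resolve the name separately, so the file that passed the class check is not guaranteed to be the file that gets parsed. Comparing `ebuf->e_ident[EI_CLASS]` with the native class on the header `parse_elf()` already holds, and returning a status the callers can act on, would address both and replace the commented-out block at new lines 110-114. The bodies of all three functions extend outside the hunks shown.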