From 3050ef0353e002a3c33214f039a64c2871650ca2 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 2 Oct 2021 12:43:35 -0300 Subject: s/S_IWRITE/S_IWUSR/ They are equivalent, but only the latter is POSIX. See sys_stat.h(0p) of POSIX.1-2017[1]. From Section 14.9.5, The Mode Bits for Access Permission of the glibc manual[2]: > S_IWUSR > S_IWRITE > > Write permission bit for the owner of the file. Usually 0200. > S_IWRITE is an obsolete synonym provided for BSD compatibility. Current usage: $ git grep -F S_IWRITE -- src | wc -l 11 $ git grep -F S_IWUSR -- src | wc -l 26 Commands used to search and replace: $ git grep -l -z S_IWRITE -- src | xargs -0 -I '{}' sh -c \ "printf '%s\n' \"\`sed 's/S_IWRITE/S_IWUSR/g' '{}'\`\" >'{}'" Note: The other related non-POSIX macros are not used anywhere: $ git grep -F -e S_IREAD -e S_IEXEC -- src $ [1] https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_stat.h.html [2] https://www.gnu.org/software/libc/manual/html_node/Permission-Bits.html --- src/firejail/chroot.c | 2 +- src/firejail/fs_hostname.c | 4 ++-- src/firejail/fs_trace.c | 6 +++--- src/firejail/fs_var.c | 6 +++--- src/firejail/ls.c | 2 +- src/firejail/sandbox.c | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/firejail/chroot.c b/src/firejail/chroot.c index 37ec22117..9425638ea 100644 --- a/src/firejail/chroot.c +++ b/src/firejail/chroot.c @@ -86,7 +86,7 @@ static void update_file(int parentfd, const char *relpath) { if (arg_debug) printf("Updating chroot /%s\n", relpath); unlinkat(parentfd, relpath, 0); - int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + int out = openat(parentfd, relpath, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (out == -1) { close(in); goto errout; diff --git a/src/firejail/fs_hostname.c b/src/firejail/fs_hostname.c index 7d320e90b..43f6e658e 100644 --- a/src/firejail/fs_hostname.c +++ b/src/firejail/fs_hostname.c 
@@ -33,7 +33,7 @@ void fs_hostname(const char *hostname) { if (arg_debug) printf("Creating a new /etc/hostname file\n"); - create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + create_empty_file_as_root(RUN_HOSTNAME_FILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); // bind-mount the file on top of /etc/hostname if (mount(RUN_HOSTNAME_FILE, "/etc/hostname", NULL, MS_BIND|MS_REC, NULL) < 0) @@ -75,7 +75,7 @@ void fs_hostname(const char *hostname) { } fclose(fp1); // mode and owner - SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + SET_PERMS_STREAM(fp2, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); fclose(fp2); // bind-mount the file on top of /etc/hostname diff --git a/src/firejail/fs_trace.c b/src/firejail/fs_trace.c index 475a391ec..dd9abe253 100644 --- a/src/firejail/fs_trace.c +++ b/src/firejail/fs_trace.c @@ -36,7 +36,7 @@ void fs_trace_preload(void) { FILE *fp = fopen("/etc/ld.so.preload", "wxe"); if (!fp) errExit("fopen"); - SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); fclose(fp); fs_logger("touch /etc/ld.so.preload"); } @@ -47,7 +47,7 @@ void fs_tracefile(void) { if (arg_debug) printf("Creating an empty trace log file: %s\n", arg_tracefile); EUID_USER(); - int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + int fd = open(arg_tracefile, O_CREAT|O_WRONLY|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (fd == -1) { perror("open"); fprintf(stderr, "Error: cannot open trace log file %s for writing\n", arg_tracefile); @@ -100,7 +100,7 @@ void fs_trace(void) { fmessage("Post-exec seccomp protector enabled\n"); } - SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + SET_PERMS_STREAM(fp, 0, 0, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); fclose(fp); // mount the new preload file 
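Review bot: In fs_tracefile (second hunk of src/firejail/fs_trace.c) the trace log is opened with `O_CREAT|O_WRONLY|O_CLOEXEC` and mode `S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH`, so a newly created log is readable by group and others unless the umask clears those bits. Because O_EXCL is absent, the mode only applies when the file does not exist yet; a pre-existing file keeps its current permissions. If the trace output is meant to be private to the invoking user (not visible from this hunk), the narrower `S_IRUSR | S_IWUSR` already used for the destination file in ls.c would fit. Either way, a one-line comment stating the intended permissions would help. The function body continues outside the hunk.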
diff --git a/src/firejail/fs_var.c b/src/firejail/fs_var.c index 20e262d80..12ffd8383 100644 --- a/src/firejail/fs_var.c +++ b/src/firejail/fs_var.c @@ -129,7 +129,7 @@ void fs_var_log(void) { /* coverity[toctou] */ FILE *fp = fopen("/var/log/wtmp", "wxe"); if (fp) { - SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); + SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); fclose(fp); } fs_logger("touch /var/log/wtmp"); @@ -137,7 +137,7 @@ void fs_var_log(void) { // create an empty /var/log/btmp file fp = fopen("/var/log/btmp", "wxe"); if (fp) { - SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP); + SET_PERMS_STREAM(fp, 0, wtmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); fclose(fp); } fs_logger("touch /var/log/btmp"); @@ -314,7 +314,7 @@ void fs_var_utmp(void) { // save new utmp file int rv = fwrite(&u_boot, sizeof(u_boot), 1, fp); (void) rv; - SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWRITE | S_IRGRP | S_IWGRP | S_IROTH); + SET_PERMS_STREAM(fp, 0, utmp_group, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH); fclose(fp); // mount the new utmp file diff --git a/src/firejail/ls.c b/src/firejail/ls.c index 70985ba9e..53e918dde 100644 --- a/src/firejail/ls.c +++ b/src/firejail/ls.c @@ -305,7 +305,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) { } // create destination file if necessary EUID_ASSERT(); - int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWRITE); + int fd = open(dest_fname, O_WRONLY|O_CREAT|O_CLOEXEC, S_IRUSR | S_IWUSR); if (fd == -1) { fprintf(stderr, "Error: cannot open %s for writing\n", dest_fname); exit(1); diff --git a/src/firejail/sandbox.c b/src/firejail/sandbox.c index 83e50aee2..5e0e849b9 100644 --- a/src/firejail/sandbox.c +++ b/src/firejail/sandbox.c 
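Review bot: In fs_var_utmp (third hunk of src/firejail/fs_var.c) the result of `fwrite(&u_boot, sizeof(u_boot), 1, fp)` is stored in `rv` and then discarded with `(void) rv;`, so a short or failed write goes unnoticed before the file gets its owner and mode and is mounted. If this is not deliberate best-effort, the check would be `if (fwrite(&u_boot, sizeof(u_boot), 1, fp) != 1) errExit("fwrite");`, matching the `errExit("fopen")` style visible in fs_trace.c. Otherwise a short comment saying the write is best-effort would document the intent. The function starts and ends outside the hunk.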
@@ -204,7 +204,7 @@ static void save_umask(void) { } static char *create_join_file(void) { - int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWRITE | S_IRGRP | S_IROTH); + int fd = open(RUN_JOIN_FILE, O_RDWR|O_CREAT|O_EXCL|O_CLOEXEC, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); if (fd == -1) errExit("open"); if (ftruncate(fd, 1) == -1) -- cgit v1.2.3-54-g00ecf