Compare commits
7 Commits
420f34a7f3
...
new-dialog
| Author | SHA1 | Date | |
|---|---|---|---|
78e108d0d4
|
|||
|
b4149ac425
|
|||
|
6065a0c20a
|
|||
|
15fa0fe193
|
|||
|
801a7cdb39
|
|||
|
22b091f017
|
|||
|
fd2144a1f9
|
4
.gitignore
vendored
4
.gitignore
vendored
@@ -2,13 +2,13 @@ build/*
|
||||
.clang-tidy
|
||||
.cache
|
||||
test/protected/*
|
||||
test/.pt.db
|
||||
*compile_commands.json
|
||||
test/perf*
|
||||
test/callgraph*
|
||||
test/openers
|
||||
test/opener/opener
|
||||
test/opener/opener.o
|
||||
test/.*
|
||||
*compile_commands.json
|
||||
src/gui/ui/*
|
||||
src/gui/*.o
|
||||
src/gui/icfs_dialogue
|
||||
|
||||
@@ -12,7 +12,9 @@
|
||||
#include "proc_operations.h"
|
||||
#include "process_info.h"
|
||||
#include <pthread.h>
|
||||
#include <stddef.h>
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <sys/types.h>
|
||||
|
||||
struct temp_process_permissions {
|
||||
@@ -127,14 +129,23 @@ access_t check_temp_access_noparent(const char *filename, pid_t pid) {
|
||||
if (process_creation_time == permission_entry->creation_time) {
|
||||
// the process is the same as the one that was granted temporary access
|
||||
// to the file
|
||||
size_t filename_len = strlen(filename);
|
||||
for_each(&permission_entry->denied_files, denied_file) {
|
||||
if (strncmp(*denied_file, filename, strlen(filename)) == 0) {
|
||||
size_t denied_file_len = strlen(*denied_file);
|
||||
if (strncmp(*denied_file, filename, denied_file_len) == 0 &&
|
||||
((denied_file_len < filename_len &&
|
||||
(*denied_file)[denied_file_len - 1] == '/') ||
|
||||
(denied_file_len == filename_len))) {
|
||||
pthread_mutex_unlock(&temp_permissions_table_lock);
|
||||
return DENY;
|
||||
}
|
||||
}
|
||||
for_each(&permission_entry->allowed_files, allowed_file) {
|
||||
if (strncmp(*allowed_file, filename, strlen(filename)) == 0) {
|
||||
size_t allowed_file_len = strlen(*allowed_file);
|
||||
if (strncmp(*allowed_file, filename, allowed_file_len) == 0 &&
|
||||
((allowed_file_len < filename_len &&
|
||||
(*allowed_file)[allowed_file_len - 1] == '/') ||
|
||||
(allowed_file_len == filename_len))) {
|
||||
pthread_mutex_unlock(&temp_permissions_table_lock);
|
||||
return ALLOW;
|
||||
}
|
||||
|
||||
@@ -125,9 +125,9 @@ struct dialogue_response ask_access(const char *filename,
|
||||
fprintf(stderr, "dialogue wrote out %s\n", first(&dialogue_output));
|
||||
fprintf(stderr, "dialogue returned %d\n", dialogue_exit_code);
|
||||
|
||||
// if (size(&dialogue_output) == 0) {
|
||||
// push(&dialogue_output, '.');
|
||||
// }
|
||||
if (size(&dialogue_output) == 0) {
|
||||
push(&dialogue_output, '/');
|
||||
}
|
||||
|
||||
assert(strlen(first(&dialogue_output)) == size(&dialogue_output));
|
||||
|
||||
@@ -225,7 +225,6 @@ int interactive_access(const char *filename, struct process_info proc_info,
|
||||
// the user might specify a different file in the dialogue, so we need to
|
||||
// check if it is valid
|
||||
|
||||
/*
|
||||
while (source_access(response.filename, F_OK)) {
|
||||
// if it is invalid, just ask again.
|
||||
fprintf(stderr, "Filename returned by zenty wasn't correct: %s\n",
|
||||
@@ -233,7 +232,7 @@ int interactive_access(const char *filename, struct process_info proc_info,
|
||||
free(response.filename);
|
||||
response = ask_access(filename, proc_info);
|
||||
}
|
||||
*/
|
||||
|
||||
free(real_path);
|
||||
|
||||
real_path = real_filename(response.filename);
|
||||
|
||||
@@ -1,29 +1,41 @@
|
||||
#!/bin/bash
|
||||
|
||||
# fake-zenity: script that mocks the behavior of zenity based on the ./.fake-zenity-response file
|
||||
# fake-icfs_dialogue: script that mocks the behavior of icfs_dialogue based on the ./.fake-icfs_dialogue-response file
|
||||
|
||||
ZENITY_YES=0
|
||||
ZENITY_NO=1
|
||||
ZENITY_PERM=2
|
||||
ICFS_DIALOGUE_YES=0
|
||||
ICFS_DIALOGUE_NO=1
|
||||
ICFS_DIALOGUE_PERM=2
|
||||
|
||||
if [[ $1 == "--set-fake-response" ]]; then
|
||||
#someone knows we are fake :)
|
||||
echo "$2" >~/.fake_zenity_response
|
||||
echo "$2" >~/.fake_icfs_dialogue_response
|
||||
elif [[ $1 == "--set-fake-response-filename" ]]; then
|
||||
echo "$2" >~/.fake_icfs_dialogue_response_filename
|
||||
elif [[ $1 == "--reset-fake-response" ]]; then
|
||||
rm ~/.fake_icfs_dialogue_response ~/.fake_icfs_dialogue_response_filename
|
||||
else
|
||||
if [ -f ~/.fake_zenity_response ]; then
|
||||
FAKE_ZENITY_RESPONSE=$(cat ~/.fake_zenity_response)
|
||||
if [ -f ~/.fake_icfs_dialogue_response ]; then
|
||||
FAKE_ICFS_DIALOGUE_RESPONSE=$(cat ~/.fake_icfs_dialogue_response)
|
||||
|
||||
printf "%s" "$4"
|
||||
if [[ $FAKE_ZENITY_RESPONSE == "yes" ]]; then
|
||||
exit "$ZENITY_YES"
|
||||
elif [[ $FAKE_ZENITY_RESPONSE == "no" ]]; then
|
||||
exit "$ZENITY_NO"
|
||||
elif [[ $FAKE_ZENITY_RESPONSE == "yes_perm" ]]; then
|
||||
exit "$((ZENITY_YES | ZENITY_PERM))"
|
||||
elif [[ $FAKE_ZENITY_RESPONSE == "no_perm" ]]; then
|
||||
exit "$((ZENITY_NO | ZENITY_PERM))"
|
||||
if [[ -f ~/.fake_icfs_dialogue_response_filename ]]; then
|
||||
FAKE_ICFS_DIALOGUE_RESPONSE_FILENAME=$(cat ~/.fake_icfs_dialogue_response_filename)
|
||||
if [[ $FAKE_ICFS_DIALOGUE_RESPONSE_FILENAME == "" ]]; then
|
||||
printf "%s" "$4"
|
||||
else
|
||||
printf "%s" "$(cat ~/.fake_icfs_dialogue_response_filename)"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "yes" ]]; then
|
||||
exit "$ICFS_DIALOGUE_YES"
|
||||
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "no" ]]; then
|
||||
exit "$ICFS_DIALOGUE_NO"
|
||||
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "yes_perm" ]]; then
|
||||
exit "$((ICFS_DIALOGUE_YES | ICFS_DIALOGUE_PERM))"
|
||||
elif [[ $FAKE_ICFS_DIALOGUE_RESPONSE == "no_perm" ]]; then
|
||||
exit "$((ICFS_DIALOGUE_NO | ICFS_DIALOGUE_PERM))"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 255 # TODO: call actual zenity here
|
||||
exit 255 # TODO: call actual icfs_dialogue here
|
||||
|
||||
@@ -1,20 +1,86 @@
|
||||
|
||||
|
||||
#include <dirent.h>
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
#define PATH_MAX 4096
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
// Check for correct usage
|
||||
if (argc != 2) {
|
||||
fprintf(stderr, "Usage: ./opener [FILENAME]");
|
||||
fprintf(stderr, "Usage: %s <pathname>\n", argv[0]);
|
||||
return 1;
|
||||
}
|
||||
|
||||
int fd = open(argv[1], O_RDWR | O_CREAT);
|
||||
if (fd == -1) {
|
||||
perror("Cannot open file");
|
||||
const char *path = argv[1];
|
||||
struct stat statbuf;
|
||||
|
||||
// Stat the given path to determine if it's a directory
|
||||
if (lstat(path, &statbuf) == -1) {
|
||||
perror("lstat");
|
||||
return 1;
|
||||
}
|
||||
close(fd);
|
||||
|
||||
return 0;
|
||||
// Case 1: The path is not a directory
|
||||
if (!S_ISDIR(statbuf.st_mode)) {
|
||||
int fd = open(path, O_RDONLY);
|
||||
if (fd == -1) {
|
||||
perror("open");
|
||||
return 1;
|
||||
}
|
||||
close(fd);
|
||||
return 0;
|
||||
}
|
||||
|
||||
// Case 2: The path is a directory
|
||||
DIR *dirp = opendir(path);
|
||||
if (dirp == NULL) {
|
||||
perror("opendir");
|
||||
return 1;
|
||||
}
|
||||
|
||||
struct dirent *entry;
|
||||
int success = 1;
|
||||
|
||||
while ((entry = readdir(dirp)) != NULL) {
|
||||
// Skip . and ..
|
||||
if (strcmp(entry->d_name, ".") == 0 || strcmp(entry->d_name, "..") == 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Construct the full path
|
||||
char fullpath[PATH_MAX];
|
||||
snprintf(fullpath, PATH_MAX, "%s/%s", path, entry->d_name);
|
||||
|
||||
// Stat the entry to check if it's a regular file
|
||||
struct stat entry_stat;
|
||||
if (lstat(fullpath, &entry_stat) == -1) {
|
||||
perror("lstat");
|
||||
success = 0;
|
||||
break;
|
||||
}
|
||||
|
||||
// Only process regular files
|
||||
if (!S_ISREG(entry_stat.st_mode)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// Try to open and immediately close the file
|
||||
int fd = open(fullpath, O_RDONLY);
|
||||
if (fd == -1) {
|
||||
perror("open");
|
||||
success = 0;
|
||||
break;
|
||||
}
|
||||
close(fd);
|
||||
}
|
||||
|
||||
closedir(dirp);
|
||||
|
||||
return (success ? 0 : 1);
|
||||
}
|
||||
|
||||
@@ -9,6 +9,13 @@ touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth
|
||||
chmod 777 ./protected/perm777 ./protected/perm000
|
||||
echo "Free code, free world." >./protected/motto
|
||||
|
||||
mkdir protected/haystack
|
||||
for i in {1..10}; do
|
||||
touch "./protected/haystack/hay$i"
|
||||
done
|
||||
touch ./protected/haystack/needle
|
||||
echo "Liberty in every line." >./protected/haystack/needle
|
||||
|
||||
rm -rf ./openers
|
||||
mkdir openers
|
||||
make -C ./opener || (
|
||||
@@ -151,16 +158,56 @@ openers/symlinked_opener2 ./protected/motto >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/symlinked_opener2 can read protected/motto despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
# test permission globbing
|
||||
|
||||
icfs_dialogue --set-fake-response yes
|
||||
icfs_dialogue --set-fake-response-filename "/"
|
||||
openers/opener3 ./protected/haystack >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: openers/opener3 cannot read protected/haystack/needle despite access being permitted!" # OK
|
||||
|
||||
icfs_dialogue --set-fake-response no
|
||||
icfs_dialogue --set-fake-response-filename "/"
|
||||
openers/opener4 ./protected/haystack >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/opener4 can read files in protected/haystack despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
icfs_dialogue --set-fake-response yes_perm
|
||||
icfs_dialogue --set-fake-response-filename "/"
|
||||
openers/opener5 ./protected/haystack/needle >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: openers/opener5 cannot read protected/haystack/needle despite access being permitted!" # OK
|
||||
|
||||
icfs_dialogue --set-fake-response no # this should be ignored
|
||||
openers/opener5 ./protected/haystack >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: OK" ||
|
||||
echo "[ICFS-TEST]: openers/opener5 cannot read files in protected/haystack despite access being permitted!" # OK
|
||||
|
||||
icfs_dialogue --set-fake-response no_perm
|
||||
icfs_dialogue --set-fake-response-filename "/"
|
||||
openers/opener6 ./protected/haystack/needle >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/opener6 can read protected/haystack/needle despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
icfs_dialogue --set-fake-response yes # this should be ignored
|
||||
openers/opener6 ./protected/haystack >/dev/null 2>/dev/null &&
|
||||
echo "[ICFS-TEST]: openers/opener6 can read files in protected/haystack despite access being denied!" ||
|
||||
echo "[ICFS-TEST]: OK" # EACCESS
|
||||
|
||||
# test database access
|
||||
if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
|
||||
echo "[ICFS-TEST]: permanent permissions is accessible!"
|
||||
if [[ $1 == '--setuid' ]]; then
|
||||
if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
|
||||
echo "[ICFS-TEST]: permanent permissions database is accessible!"
|
||||
else
|
||||
echo "[ICFS-TEST]: OK"
|
||||
fi
|
||||
else
|
||||
echo "[ICFS-TEST]: OK"
|
||||
echo "[ICFS-TEST]: permanent permissions database access was not tested due to the lack of seuid bit setting capabilites. To test this, run the script with '--setuid' flag"
|
||||
fi
|
||||
|
||||
# unmount
|
||||
|
||||
sleep 0.5
|
||||
#lsof +f -- $(realpath ./protected)
|
||||
umount $(realpath ./protected)
|
||||
umount "$(realpath ./protected)"
|
||||
sleep 0.5
|
||||
|
||||
Reference in New Issue
Block a user