fedir/ICFS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: fedir:4ce97555e48f67e27643f4eb5d8ba6f6e8540bb1
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough
..
compare: fedir:6342de0dd3fcd0b7dad1dcd81d648931a468f30f
Branches Tags
fedir:main
fedir:new-dialogue
fedir:profiling
fedir:setuid
fedir:creation_permissions
fedir:Temp_permission_table
fedir:Testing
fedir:API
fedir:basic-passthough

No commits in common. "4ce97555e48f67e27643f4eb5d8ba6f6e8540bb1" and "6342de0dd3fcd0b7dad1dcd81d648931a468f30f" have entirely different histories.
4ce97555e4 ... 6342de0dd3

4 changed files with 6 additions and 107 deletions
Show Stats Expand all files Collapse all files

100
src/fuse_operations.c
View File

@ -108,29 +108,7 @@ static int xmp_getattr(const char *path, struct stat *stbuf,
static int xmp_access(const char *path, int mask) { static int xmp_access(const char *path, int mask) {
int res; int res;
// if mask is F_OK, then we don't need to check the permissions res = access(path, mask);
// (is that possible?)
if (mask != F_OK) {
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
free(pi.name);
return -EACCES;
}
free(pi.name);
}
res = source_access(path, mask);
if (res == -1) if (res == -1)
return -errno; return -errno;
@ -326,30 +304,6 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
if (flags) if (flags)
return -EINVAL; return -EINVAL;
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi)) {
free(pi.name);
return -EACCES;
}
// the "to" file may exist and the process needs to get persmission to modify
// it
if (source_access(to, F_OK) == 0 &&
!interactive_access(real_filename(to), pi)) {
free(pi.name);
return -EACCES;
}
free(pi.name);
res = source_rename(from, to); res = source_rename(from, to);
if (res == -1) if (res == -1)
return -errno; return -errno;
@ -359,22 +313,6 @@ static int xmp_rename(const char *from, const char *to, unsigned int flags) {
static int xmp_link(const char *from, const char *to) { static int xmp_link(const char *from, const char *to) {
int res; int res;
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(from), pi)) {
free(pi.name);
return -EACCES;
}
// no need to check the access to the "to" file, see link(2)
free(pi.name);
res = source_link(from, to); res = source_link(from, to);
if (res == -1) if (res == -1)
@ -385,20 +323,6 @@ static int xmp_link(const char *from, const char *to) {
static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) { static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
int res; int res;
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
free(pi.name);
return -EACCES;
}
free(pi.name);
if (fi) if (fi)
res = fchmod(fi->fh, mode); res = fchmod(fi->fh, mode);
@ -410,27 +334,9 @@ static int xmp_chmod(const char *path, mode_t mode, struct fuse_file_info *fi) {
return 0; return 0;
} }
/**
* This filesystem is not designed for multiuser operation (e.g. with
* allow_other) so there is little point in having chown implemnted
*/
static int xmp_chown(const char *path, uid_t uid, gid_t gid, static int xmp_chown(const char *path, uid_t uid, gid_t gid,
struct fuse_file_info *fi) { struct fuse_file_info *fi) {
int res; int res;
struct process_info pi;
struct fuse_context *fc = fuse_get_context();
pi.PID = fc->pid;
pi.UID = fc->uid;
pi.name = get_process_name_by_pid(pi.PID);
// fprintf(stderr, "%s, %d\n", path, ask_access(path, pi));
if (!interactive_access(real_filename(path), pi)) {
free(pi.name);
return -EACCES;
}
free(pi.name);
if (fi) if (fi)
res = fchown(fi->fh, uid, gid); res = fchown(fi->fh, uid, gid);
@ -754,7 +660,7 @@ static off_t xmp_lseek(const char *path, off_t off, int whence,
static const struct fuse_operations xmp_oper = { static const struct fuse_operations xmp_oper = {
.init = xmp_init, .init = xmp_init,
.getattr = xmp_getattr, .getattr = xmp_getattr,
.access = xmp_access, // .access = xmp_access,
.readlink = xmp_readlink, .readlink = xmp_readlink,
.opendir = xmp_opendir, .opendir = xmp_opendir,
.readdir = xmp_readdir, .readdir = xmp_readdir,
@ -770,7 +676,7 @@ static const struct fuse_operations xmp_oper = {
.chown = xmp_chown, .chown = xmp_chown,
.truncate = xmp_truncate, .truncate = xmp_truncate,
#ifdef HAVE_UTIMENSAT #ifdef HAVE_UTIMENSAT
// .utimens = xmp_utimens, // .utimens = xmp_utimens,
#endif #endif
.create = xmp_create, .create = xmp_create,
.open = xmp_open, .open = xmp_open,

5
src/sourcefs.c
View File

@ -66,11 +66,6 @@ int source_symlink(const char *target, const char *linkpath) {
return symlinkat(target, handle.root_fd, relative_linkpath); return symlinkat(target, handle.root_fd, relative_linkpath);
} }
int source_access(const char *filename, int mode) {
const char *relative_filename = source_filename_translate(filename);
return faccessat(handle.root_fd, relative_filename, mode, 0);
}
DIR *source_opendir(const char *filename) { DIR *source_opendir(const char *filename) {
const char *relative_filename = source_filename_translate(filename); const char *relative_filename = source_filename_translate(filename);
int fd = openat(handle.root_fd, relative_filename, 0); int fd = openat(handle.root_fd, relative_filename, 0);

2
src/sourcefs.h
View File

@ -47,8 +47,6 @@ int source_chown(const char *filename, uid_t owner, gid_t group);
int source_truncate(const char *filename, off_t length); int source_truncate(const char *filename, off_t length);
int source_access(const char *filename, int mode);
/* `open` and `create` are designed to correspond to fuse operations, not the /* `open` and `create` are designed to correspond to fuse operations, not the
* libc's `open(2)`. Both of them actually call `openat`. */ * libc's `open(2)`. Both of them actually call `openat`. */

6
test/test.bash
View File

@ -4,7 +4,7 @@
rm -rf ./protected rm -rf ./protected
mkdir protected mkdir protected
touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/should-be-renamed ./protected/do-not-rename touch ./protected/do-not-remove ./protected/should-be-removed ./protected/truth ./protected/perm000 ./protected/perm777 ./protected/this-name-is-wrong
chmod 777 ./protected/perm777 ./protected/perm000 chmod 777 ./protected/perm777 ./protected/perm000
echo "Free code, free world." >./protected/motto echo "Free code, free world." >./protected/motto
@ -70,11 +70,11 @@ rm ./protected/should-be-removed >/dev/null 2>/dev/null &&
# rename files # rename files
zenity --set-fake-response no zenity --set-fake-response no
mv ./protected/do-not-rename ./protected/terrible-name 2>/dev/null && mv ./protected/truth ./protected/lie 2>/dev/null &&
echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" || echo "[ICFS-TEST]: mv can rename protected/truth despite access being denied!" ||
echo "[ICFS-TEST]: OK" # EACCESS echo "[ICFS-TEST]: OK" # EACCESS
zenity --set-fake-response yes_tmp zenity --set-fake-response yes_tmp
mv ./protected/should-be-renamed ./protected/great-name 2>/dev/null && mv ./protected/this-name-is-wrong ./protected/this-name-is-correct 2>/dev/null &&
echo "[ICFS-TEST]: OK" || echo "[ICFS-TEST]: OK" ||
echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK echo "[ICFS-TEST]: mv cannot rename should-be-removed to renamed-file despite access being permitted!" # OK