src/main.c

@@ -10,8 +10,6 @@
   See the file LICENSE.
 */
 
-#include <sys/types.h>
-#include <unistd.h>
 #define FUSE_USE_VERSION 31
 
 #define _GNU_SOURCE
@@ -30,17 +28,17 @@ const char *mountpoint = NULL;
 int main(int argc, char *argv[]) {
   umask(0);
 
-  int ret = init_ui_socket();
+  mountpoint = realpath(argv[argc - 1], NULL);
+
+  int ret = source_init(mountpoint);
   if (ret != 0) {
-    fprintf(stderr, "Could not initalize ui-socket.\n");
+    perror("source_init");
     exit(EXIT_FAILURE);
   }
 
-  mountpoint = realpath(argv[argc - 1], NULL);
+  ret = init_ui_socket();
-
-  ret = source_init(mountpoint);
   if (ret != 0) {
-    perror("source_init");
+    fprintf(stderr, "Could not initalize ui-socket.\n");
     exit(EXIT_FAILURE);
   }
 

src/perm_permissions_table.c

@@ -1,24 +1,10 @@
-/*
-  ICFS: Interactively Controlled File System
-  Copyright (C) 2024-2025  Fedir Kovalov
-
-  This program can be distributed under the terms of the GNU GPLv2.
-  See the file LICENSE.
-*/
-
 #include "perm_permissions_table.h"
 #include "process_info.h"
-#include <fcntl.h>
-#include <pthread.h>
 #include <sqlite3.h>
 #include <stddef.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/fsuid.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <unistd.h>
 
 sqlite3 *perm_database = NULL;
 const char *const table_name = "permissions";
@@ -26,38 +12,6 @@ const char *const table_name = "permissions";
 const int column_count = 2;
 const char *const schema[] = {"executable", "filename"};
 const char *const types[] = {"TEXT", "TEXT"};
-uid_t ruid, euid, current_pid;
-pthread_mutex_t uid_switch = PTHREAD_MUTEX_INITIALIZER;
-
-void set_db_fsuid() {
-  pthread_mutex_lock(&uid_switch);
-  if (current_pid == ruid)
-    return;
-
-  int status = -1;
-
-  status = setfsuid(ruid);
-  if (status < 0) {
-    fprintf(stderr, "Couldn't set uid to %d.\n", ruid);
-    exit(status);
-  }
-  pthread_mutex_unlock(&uid_switch);
-}
-
-void set_real_fsuid() {
-  pthread_mutex_lock(&uid_switch);
-  if (current_pid == ruid)
-    return;
-
-  int status = -1;
-
-  status = setfsuid(ruid);
-  if (status < 0) {
-    fprintf(stderr, "Couldn't set uid to %d.\n", euid);
-    exit(status);
-  }
-  pthread_mutex_unlock(&uid_switch);
-}
 
 static int check_table_col_schema(void *notused, int argc, char **argv,
                                   char **colname) {
@@ -67,16 +21,15 @@ static int check_table_col_schema(void *notused, int argc, char **argv,
     fprintf(stderr, "Unexpected amount of arguments given to the callback.\n");
     return 1;
   }
-  int column_num = atoi(argv[0]);
+  int i = atoi(argv[0]);
-  if (column_num >= column_count) {
+  if (i >= column_count) {
     fprintf(stderr, "Table contains more columns than expected.\n");
     return 1;
   }
-  if (strcmp(schema[column_num], argv[1]) == 0 &&
+  if (strcmp(schema[i], argv[1]) == 0 && strcmp(types[i], argv[2]) == 0) {
-      strcmp(types[column_num], argv[2]) == 0) {
     return 0;
   }
-  fprintf(stderr, "Column %d does not conform to the schema.\n", column_num);
+  fprintf(stderr, "Column %d does not conform to the schema.\n", i);
   return 1;
 }
 
@@ -148,28 +101,14 @@ int ensure_database_schema() {
  * @return: 0 on success, -1 on failure
  */
 int init_perm_permissions_table(const char *db_filename) {
-  // we don't want the group and others to access the db
-  umask(0077);
-  ruid = getuid();
-  euid = geteuid();
-  fprintf(stderr, "Running with uid: %d, gid: %d\n", euid, getegid());
-
   if (sqlite3_open(db_filename, &perm_database)) {
     perror("Can't open permanent permissions database:");
     return -1;
   }
-  umask(0);
   if (ensure_database_schema()) {
     fprintf(stderr, "Database schema is not correct.\n");
     return -1;
   }
-
-  int status = seteuid(ruid);
-  if (status < 0) {
-    fprintf(stderr, "Couldn't set euid to ruid during database setup.\n");
-    exit(status);
-  }
-
   return 0;
 }
 

src/perm_permissions_table.h

@@ -1,10 +1,3 @@
-/*
-  ICFS: Interactively Controlled File System
-  Copyright (C) 2024-2025  Fedir Kovalov
-
-  This program can be distributed under the terms of the GNU GPLv2.
-  See the file LICENSE.
-*/
 
 #ifndef PERM_PERMISSION_TABLE_H
 #define PERM_PERMISSION_TABLE_H

src/process_info.h

@@ -1,10 +1,3 @@
-/*
-  ICFS: Interactively Controlled File System
-  Copyright (C) 2024-2025  Fedir Kovalov
-
-  This program can be distributed under the terms of the GNU GPLv2.
-  See the file LICENSE.
-*/
 
 #ifndef PROCESS_INFO_H
 #define PROCESS_INFO_H

src/sourcefs.c

@@ -33,8 +33,6 @@ int source_init(const char *root_path) {
   int root_fd = open(root_path, O_PATH);
 
   if (root_fd == -1) {
-    fprintf(stderr, "Could not initialize source file system at %s", root_path);
-    perror("");
     return -1;
   }
 

test/test.bash

@@ -16,23 +16,9 @@ PATH="$(realpath ./mock/):$PATH"
 # mount the filesystem
 
 echo "Run $(date -u +%Y-%m-%dT%H:%M:%S) "
-if [[ $1 == "--setuid" ]]; then
-  echo "Setting the setuid bit..."
-  echo "root privilieges are required to create a special user and set correct ownership of the executable."
-  id -u icfs &>/dev/null || sudo useradd --system --user-group icfs
-  sudo chown icfs: ../build/icfs && sudo chmod 4777 ../build/icfs
-  chmod g+w . # needed for icfs to be able to create the database
-  echo "Valgrind will not be used due to setuid compatibility issues."
-  ../build/icfs -o default_permissions ./protected &
-  sleep 1
-else
-  echo "Database protection will not be tested due to the lack of setuid capabilites."
-  echo "To test it, run this script with '--setuid'."
 valgrind -s ../build/icfs -o default_permissions ./protected &
-  sleep 5
-fi
 
-#valgrind -s ../build/icfs -o default_permissions ./protected &
+sleep 5
 
 # WARN: please don't use `>` or `>>` operators. They force **this script** to open the file, **not the program you are trying to run**. This is probably not what you mean when you want to test a specific program's access.
 # WARN: avoid using touch, since it generates errors because setting times is not implemented in icfs **yet**.
@@ -119,13 +105,6 @@ cat ./protected/motto >/dev/null 2>/dev/null &&
   echo "[ICFS-TEST]: OK" ||
   echo "[ICFS-TEST]: echo cannot read protected/motto despite access being permitted!" # OK
 
-# test database access
-if [[ -r "./.pt.db" || -w "./.pt.db" ]]; then
-  echo "[ICFS-TEST]: permanent permissions is accessible!"
-else
-  echo "[ICFS-TEST]: OK"
-fi
-
 # unmount
 
 sleep 0.5