[launchd-changes] [23457] branches/SULeopard/launchd/src/launchctl.c
source_changes at macosforge.org
source_changes at macosforge.org
Fri Dec 7 13:00:10 PST 2007
Revision: 23457
http://trac.macosforge.org/projects/launchd/changeset/23457
Author: zarzycki at apple.com
Date: 2007-12-07 12:59:53 -0800 (Fri, 07 Dec 2007)
Log Message:
-----------
<rdar://problem/5619757> SULeoCeto: Detect and fix bogus permissions on /sbin/launchd
Modified Paths:
--------------
branches/SULeopard/launchd/src/launchctl.c
Modified: branches/SULeopard/launchd/src/launchctl.c
===================================================================
--- branches/SULeopard/launchd/src/launchctl.c 2007-12-07 20:59:06 UTC (rev 23456)
+++ branches/SULeopard/launchd/src/launchctl.c 2007-12-07 20:59:53 UTC (rev 23457)
@@ -148,6 +148,7 @@
static bool do_single_user_mode2(void);
static void read_launchd_conf(void);
static bool job_disabled_logic(launch_data_t obj);
+static void fix_bogus_file_metadata(void);
typedef enum {
BOOTCACHE_START = 1,
@@ -2782,8 +2783,66 @@
*/
assumes(fwexec(remount_tool, true) != -1);
+
+ fix_bogus_file_metadata();
}
+void
+fix_bogus_file_metadata(void)
+{
+ static const struct {
+ const char *path;
+ const uid_t owner;
+ const gid_t group;
+ const mode_t needed_bits;
+ const mode_t bad_bits;
+ } f[] = {
+ { "/sbin/launchd", 0, 0, S_IRUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH, S_ISUID|S_ISGID|S_ISVTX|S_IWOTH },
+ { _PATH_TMP, 0, 0, S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO, S_ISUID|S_ISGID },
+ { _PATH_VARTMP, 0, 0, S_ISTXT|S_IRWXU|S_IRWXG|S_IRWXO, S_ISUID|S_ISGID },
+ };
+ struct stat sb;
+ size_t i;
+
+ for (i = 0; i < (sizeof(f) / sizeof(f[0])); i++) {
+ mode_t i_needed_bits;
+ mode_t i_bad_bits;
+ bool fix_mode = false;
+ bool fix_id = false;
+
+ if (!assumes(stat(f[i].path, &sb) != -1)) {
+ continue;
+ }
+
+ i_needed_bits = ~sb.st_mode & f[i].needed_bits;
+ i_bad_bits = sb.st_mode & f[i].bad_bits;
+
+ if (i_bad_bits) {
+ fprintf(stderr, "Crucial filesystem check: Removing bogus mode bits 0%o on path: %s\n", i_bad_bits, f[i].path);
+ fix_mode = true;
+ }
+ if (i_needed_bits) {
+ fprintf(stderr, "Crucial filesystem check: Adding missing mode bits 0%o on path: %s\n", i_needed_bits, f[i].path);
+ fix_mode = true;
+ }
+ if (sb.st_uid != f[i].owner) {
+ fprintf(stderr, "Crucial filesystem check: Fixing bogus UID %u on path: %s\n", sb.st_uid, f[i].path);
+ fix_id = true;
+ }
+ if (sb.st_gid != f[i].group) {
+ fprintf(stderr, "Crucial filesystem check: Fixing bogus GID %u on path: %s\n", sb.st_gid, f[i].path);
+ fix_id = true;
+ }
+
+ if (fix_mode) {
+ assumes(chmod(f[i].path, (sb.st_mode & ~i_bad_bits) | i_needed_bits) != -1);
+ }
+ if (fix_id) {
+ assumes(chown(f[i].path, f[i].owner, f[i].group) != -1);
+ }
+ }
+}
+
bool
path_check(const char *path)
{
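Review bot: The `/sbin/launchd` row of `f[]` lists `S_IWOTH` in `bad_bits` but not `S_IWGRP`, so a group-writable binary passes the check untouched; unless group write is intended, the mask should read `S_ISUID|S_ISGID|S_ISVTX|S_IWGRP|S_IWOTH`. The loop repairs only mode and ownership, so a file found with a non-root owner or stray write bits may already have altered contents. A comment above the table such as `/* Repairs metadata only; a file found writable by non-root may also need its contents verified. */` would keep a reader from taking the fix as an integrity guarantee. The check and the repair are also separate path-based calls (`stat`, then `chmod`/`chown`), and nothing confirms the object is still a regular file or directory of the expected type. Opening the path once and using `fstat`/`fchmod`/`fchown` on that descriptor would tie the decision and the repair to the same object.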