sysvinit/killproc-2.19.dif

152 lines
4.0 KiB
Plaintext

--- libinit.c
+++ libinit.c 2011-03-03 13:45:42.976427260 +0000
@@ -669,6 +669,7 @@ int pidof (const char * inname, const ch
boolean isscrpt = false;
unsigned num = 0;
pid_t pid;
+ uid_t uid;
char *swapname = NULL;
char *fullname = (char *)inname;
char *realname = NULL;
@@ -677,6 +678,7 @@ int pidof (const char * inname, const ch
p_pid = getpid();
p_ppid = getppid();
+ uid = getuid();
dir = openproc(); /* Open /proc and maybe do mount before */
p_pppid = getpppid(p_ppid); /* Requires existence of /proc */
@@ -773,6 +775,13 @@ int pidof (const char * inname, const ch
if (prefix) {
if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
+ if (uid && (errno == EACCES || errno == EPERM)) {
+ errno = 0;
+ if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
+ continue;
+ if (pid_st.st_uid == uid)
+ goto risky;
+ }
if (errno != EPERM && errno != EACCES)
goto risky;
continue;
@@ -809,6 +818,13 @@ int pidof (const char * inname, const ch
if (!name) {
if ((rll = readlinkat(dfd, here(d->d_name, "exe"), entry, PATH_MAX)) < 0) {
+ if (uid && (errno == EACCES || errno == EPERM)) {
+ errno = 0;
+ if (fstatat(dfd, d->d_name, &pid_st, 0) < 0)
+ continue;
+ if (pid_st.st_uid == uid)
+ goto risky;
+ }
if (errno != EPERM && errno != EACCES)
goto risky;
continue;
@@ -825,7 +841,6 @@ int pidof (const char * inname, const ch
if (realname && strncmp(realname, name, PATH_MAX) == 0)
found = true;
-
break;
}
@@ -942,12 +957,15 @@ int verify_pidfile (const char * pid_fil
ssize_t cnt;
boolean isscrpt = false;
pid_t pid;
+ uid_t uid;
char *swapname = NULL, *bufp;
char *fullname = (char *)inname;
char *realname = NULL;
struct stat pid_st, full_st;
char buf[BUFSIZ];
+ uid = getuid();
+
if (!ignore) {
list_t *m, *n;
list_for_each_safe(m, n, &remember) {
@@ -1041,14 +1059,23 @@ int verify_pidfile (const char * pid_fil
}
errno = 0;
- if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
- (stat(proc(buf, "exe"), &pid_st) == 0)) {
-
+ if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
char entry[PATH_MAX+1];
const char *name;
boolean found;
ssize_t rll;
+ if (stat(proc(buf, "exe"), &pid_st) < 0) {
+ if (uid && (errno == EACCES || errno == EPERM)) {
+ errno = 0;
+ if (stat(proc(buf, ""), &pid_st) < 0)
+ goto out;
+ if (pid_st.st_uid == uid)
+ goto risky;
+ }
+ goto out;
+ }
+
if (pid_st.st_dev != full_st.st_dev)
goto out;
@@ -1087,6 +1114,7 @@ int verify_pidfile (const char * pid_fil
goto out;
}
+risky:
if (errno && errno != ENOENT) {
warn("Can not read %s: %s\n", procbuf, strerror(errno));
@@ -1162,8 +1190,11 @@ int check_pids (const char * inname, con
const char *pid;
struct stat pid_st, full_st;
list_t *m, *n;
+ uid_t uid;
int fp;
+ uid = getuid();
+
if (!fullname) {
warn("program or process name required\n");
return -1;
@@ -1228,13 +1259,22 @@ int check_pids (const char * inname, con
/* killproc and daemon/startproc should use the full path */
errno = 0;
- if (!(flags & (KTHREAD|KSHORT)) && !isscrpt &&
- (stat(proc(pid, "exe"), &pid_st) == 0)) {
-
+ if (!(flags & (KTHREAD|KSHORT)) && !isscrpt) {
char entry[PATH_MAX+1];
const char *name;
ssize_t rll;
+ if (stat(proc(pid, "exe"), &pid_st) < 0) {
+ if (uid && (errno == EACCES || errno == EPERM)) {
+ errno = 0;
+ if (stat(proc(pid, ""), &pid_st) < 0)
+ goto ignore;
+ if (pid_st.st_uid == uid)
+ goto risky;
+ }
+ goto ignore;
+ }
+
if (pid_st.st_dev != full_st.st_dev)
goto ignore; /* Does not belong to rembered list */
@@ -1267,6 +1307,7 @@ int check_pids (const char * inname, con
skip = true; /* No stat entry check needed */
}
+risky:
if (!(flags & (KTHREAD|KSHORT)) && isscrpt &&
(fp = open(proc(pid, "cmdline"), O_PROCMODE)) != -1) {