Commit Graph

3403 Commits

Author SHA1 Message Date
Johannes Heimansberg
47819f004c start-stop-daemon, supervise-daemon: fix parsing of usernames passed via --user that start with a number
start-stop-daemon and supervise-daemon parse usernames and group names
passed via the --user argument as numeric UID/GID if they start with a
number (e.g. user "4foo" will be treated as UID 4). This results in the
process that is being started to run under a totally unexpected user if
that UID exists.

Even though the result of the sscanf calls are tested for a result of
exactly 1, which means exactly one value was extracted, because sscanf's
format string only contains only one placeholder, it will never return
a value greater than 1, even if there are still characters left to be
parsed. This causes start-stop-daemon and supervise-daemon to assume
that usernames starting with a number are just that number. Adding a
second placeholder "%1s" to the format string, which matches a string of
length 1, makes sure that sscanf can distinguish between pure numbers
(in which case it will return 1) and strings either starting with a
number (in which case it will return 2) and any other string (in which
case it will return 0).

This fixes #379.
This fixes #380.
2020-11-27 16:40:12 -06:00
William Hubbs
0fab3e837b bootmisc: allow sysvinit compatibility during shutdown
Use "halt -w" to write the halt record if it exists.
Otherwise use openrc-shutdown.

This fixes #336.
2020-11-27 15:18:57 -06:00
William Hubbs
38aaba28ee scripts/shutdown.in: fix sysvinit compatible shutdown
X-Gentoo-Bug: https://bugs.gentoo.org/755422
2020-11-20 14:57:04 -06:00
William Hubbs
3ed4126a31 update news for 0.43 with info on checkpath fix 2020-11-20 10:00:34 -06:00
Lars Wendler
aa0fdf6d08 start-stop-daemon: Don't segfault if --exec was given a non-existing file name
Starting program: /sbin/start-stop-daemon --start --exec i-dont-exist

  Program received signal SIGSEGV, Segmentation fault.
  0x0000555555559053 in main (argc=1, argv=0x7fffffffdc20)
      at start-stop-daemon.c:631
  631                         *exec_file ? exec_file : exec);

This fixes #385.
2020-11-20 09:22:18 -06:00
William Hubbs
b6fef599bf checkpath: fix CVE-2018-21269
This walks the directory path to the file we are going to manipulate to make
sure that when we create the file and change the ownership and permissions
we are working on the same file.
Also, all non-terminal symbolic links must be owned by root. This will
keep a non-root user from making a symbolic link as described in the
bug. If root creates the symbolic link, it is assumed to be trusted.

On non-linux platforms, we no longer follow non-terminal symbolic links
by default. If you need to do that, add the -s option on the checkpath
command line, but keep in mind that this is not secure.

This fixes #201.
2020-11-20 09:15:59 -06:00
Julien Surloppe
aac1734a70 Update user-guide.md
Add missing underscore.
2020-11-01 15:45:12 -05:00
William Hubbs
2355f1a3f2 supervise-daemon: only log debug logs when verbose mode is active 2020-09-25 16:33:32 -05:00
Manuel Rüger
fbec1eed51 .cirrus.yml: Update FreeBSD releases
Signed-off-by: Manuel Rüger <manuel@rueg.eu>
2020-04-19 13:15:35 +02:00
Austin English
229692cc34 man/openrc-run.8: fix a typo 2020-02-05 12:37:46 -05:00
Sergei Trofimovich
375ef42393 src/rc/rc-logger.h: fix build failure against gcc-10
On gcc-10 (and gcc-9 -fno-common) build fails as:

```
cc  -L../librc -L../libeinfo -O2 -g -std=c99 -Wall -Wextra -Wimplicit -Wshadow \
  -Wformat=2 -Wmissing-prototypes -Wmissing-declarations -Wmissing-noreturn \
  -Wmissing-format-attribute -Wnested-externs -Winline -Wwrite-strings \
  -Wcast-align -Wcast-qual -Wpointer-arith -Wdeclaration-after-statement \
  -Wsequence-point -Werror=implicit-function-declaration    \
  -Wl,-rpath=/lib   -o openrc rc.o rc-logger.o rc-misc.o rc-plugin.o _usage.o -lutil -lrc -leinfo -Wl,-Bdynamic -ldl
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:16:
  multiple definition of `rc_logger_pid'; rc.o:openrc/src/rc/rc-logger.h:16: first defined here
ld: rc-logger.o:/home/slyfox/dev/git/openrc/src/rc/rc-logger.h:17:
  multiple definition of `rc_logger_tty'; rc.o:openrc/src/rc/rc-logger.h:17: first defined here
```

gcc-10 will change the default from -fcommon to fno-common:
https://gcc.gnu.org/PR85678.

The error also happens if CFLAGS=-fno-common passed explicitly.

This fixes #348.
2020-01-19 16:52:21 -06:00
Wolf
6deda13754 supervise-daemon: Fix segfault when executable does not exist
When executable is provided just by name (and therefore searched in a
path), exec_file is reset to NULL every time. exists() handles it being
NULL just fine, but dereferencing it in eerror does not work.

Fixes #326
Fixes #327
2020-01-11 13:36:33 -06:00
artoo
eb61085951 binfmt: ensure a file is ungegistered before registering
This fixes #328
2020-01-11 13:32:38 -06:00
Andrew Scheller
039845b742 Fix typo in README
This fixes #338
2020-01-11 12:16:19 -06:00
Ethan Sommer
a7e7fd2b37 make grep usage POSIX compliant
use grep -E instead of egrep
check for space or end of line instead of GNU-specific word boundary

This fixes #345
2020-01-11 12:09:10 -06:00
Jason Bowen
12e147a107 Delete stray text.
It looks like some stray text was left at the bottom of the file:
```
package.
migrating your system to openrc-init.
```
There's a subsection on migrating a system to `openrc-ini`; perhaps this was
an embryonic section title?

This fixes #347.
2020-01-11 11:15:56 -06:00
William Hubbs
fd852865e0 openrc-shutdown.c: typo fix 2019-12-05 12:11:08 -06:00
William Hubbs
35ec935741 ci/travis.sh: run shellcheck on shell scripts 2019-10-28 18:42:10 -05:00
Austin English
19cfd82dad .travis.yml: install shellcheck 2019-10-28 16:48:40 -05:00
E5ten
87cfad3d6c cgroup2_set_limits: verify that the cgroup2 path is a mount point
prior to cgroups getting mounted, /sys/fs/cgroup will still exist,
but attempts to make directories in it will fail, change cgroup2_set_limits() to
verify that cgroups are mounted instead of just checking that /sys/fs/cgroup
exists.

This fixes #307.
This fixes #321.
2019-09-03 16:38:03 -05:00
William Hubbs
8e31614c4b fix clang build 2019-08-20 16:06:46 -05:00
William Hubbs
a177d15641 version 0.42 2019-08-20 13:13:30 -05:00
William Hubbs
2b4c486043 Update ChangeLog 2019-08-20 13:09:50 -05:00
William Hubbs
ed24d28163 update sysvinit support files 2019-08-20 13:08:44 -05:00
William Hubbs
1bc96141e6 fix single user mode 2019-08-19 14:55:54 -05:00
William Hubbs
c7000aeaab optimize loops for installing gettys 2019-08-15 18:40:51 -05:00
William Hubbs
5c5129b534 Remove "single" runlevel directory
Single user mode should be handled in the init process directly.
2019-08-15 18:40:51 -05:00
William Hubbs
0dabda6f6f fix sysvinit compatibility
This allows openrc to direct sysvinit to shut down the system by setting
the INIT_HALT environment variable appropriately. Also, we do not try to
communicate with sysvinit if its fifo does not exist.
2019-08-15 12:02:30 -05:00
William Hubbs
92de9a693b Add documentation for openrc-init and update the NEWS file 2019-08-02 16:29:03 -05:00
William Hubbs
a71aebcae1 init.d/agetty: provide the getty virtual service 2019-07-29 17:39:11 -05:00
William Hubbs
61596b16d2 Install gettys if the MKSYSVINIT switch is set to yes
The default is to put one getty in the "single" runlevel and 6 in the
"default" runlevel.
2019-07-29 17:38:47 -05:00
William Hubbs
104eb3420b Add the "single" runlevel 2019-07-29 16:27:14 -05:00
Chloe Kudryavtsev
70b8df3e9c clarify supervise-daemon-guide
1. The given default for respawn_max is wrong.
2. The example for respawn_period is nonsensical.

This fixes #311.
2019-07-26 12:52:52 -05:00
William Hubbs
cac41092e4 add ability for openrc-shutdown to communicate with sysvinit
This fixes #315.
2019-07-25 14:47:18 -05:00
Martin Wilke
7ddc281ab6 Fix build with Clang
This fixes #313.
2019-07-24 12:32:23 -05:00
William Hubbs
c092ff6da1 Add Sony Interactive Entertainment as an author 2019-07-22 10:46:32 -05:00
William Hubbs
54780a4582 supervise-daemon: allow --respawn-max to be zero 2019-03-29 14:09:08 -05:00
William Hubbs
44f5a72d1a remove hidden-visibility.h
I am removing this on the advice of a member of the Gentoo toolchain
team. It was explained to me that this doesn't offer any significant
benefits to OpenRC.

If anyone ffeels differently, please open a pull request reverting
this and adding an explanation of what it does and how to know which
functions to mark hidden in the future.

This fixes #301.
2019-02-26 17:47:55 -06:00
William Hubbs
0d378974bf openrc-init: fix waitpid checks
The do_openrc() function was not waiting properly for the child process
which started the runlevel to return. We need to repeatedly call
waitpid() until its return value matches the pid of the child process or
the child process does not exist.

This fixes #216.
This fixes #300.
2019-02-25 18:55:13 -06:00
William Hubbs
028da5c2e3 librc: fix potential buffer overflow in pid_is_argv
This fixes #299.
2019-02-23 17:44:07 -06:00
William Hubbs
d8dbb890aa Revert "src/librc/librc-daemon.c: fix buffer overrun in pid_is_argv"
This reverts commit 084877eb52.
The mentioned commit caused some systems to have some services reported
as crashed.

This fixes #297.
This fixes #298.
2019-02-23 16:24:55 -06:00
William Hubbs
56c006ebd6 Update ChangeLog 2019-02-22 19:03:41 -06:00
William Hubbs
067088bbff move ci scripts to their own directory
This fixes #296.
2019-02-22 18:50:13 -06:00
William Hubbs
52d4e56674 combine test directories
This fixes #295.
2019-02-22 18:08:19 -06:00
William Hubbs
6e6902c28b remove unused test ignore patterns 2019-02-22 16:27:52 -06:00
William Hubbs
084823182a remove unused test data files 2019-02-22 13:25:51 -06:00
Georgy Yakovlev
7478c104fc librc/librc-depend.c: fix NULL pointer dereference
In some cases deptree or depinfo can be NULL, check
before dereferencing.

Fixes https://github.com/OpenRC/openrc/issues/293
Fixes https://github.com/OpenRC/openrc/pulls/294
X-Gentoo-Bug: 659906
X-Gentoo-Bug-URL: https://bugs.gentoo.org/659906
2019-02-21 17:49:54 -06:00
Georgy Yakovlev
065b7ecc0d use cirrus-ci for FreeBSD builds
This fixes #265.
2019-02-19 13:59:01 -06:00
Sergei Trofimovich
b054aca50b src/test/runtests.sh: drop 'readelf'-based tests
The 'readelf'-based tests cover a few situations:
1. undefined symbols in shared libraries
2. unexpected exports in shared libraries

Bug #575958 shows that [2.] implementation is too simplistic
in assuming that presence of relocation equals to export presence.

It is incorrect for PLT stubs and local symbols.
Let's just drop these tests.

If one needs to cover [1.] it is better to use LDFLAGS=-Wl,--no-undefined.

This closes #292.

X-Reported-by: Benda Xu
X-Gentoo-Bug: https://bugs.gentoo.org/575958
X-Gentoo-Bug-URL: https://bugs.gentoo.org/575958
2019-02-19 11:50:11 -06:00
William Hubbs
f9e7a00ba9 rc-status: style fixes 2019-02-15 20:36:46 -06:00