From 4550e601441bd9e9e4617db4736b4504e90d424d Mon Sep 17 00:00:00 2001 From: Jim Warner Date: Sat, 2 Jun 2018 00:00:00 -0500 Subject: [PATCH] top: Do not default to the cwd in configs_r... Tweaked While it's only documented (so far) in commit text and an occasional email I've tried to maintain some coding standards primarily for reference/navigation purposes. They also served, I felt, as useful mental challenges. Someday I will get around to formerly documenting them but in the meantime here are the ones for this commit: . functions are grouped into logical (i hope) sections . functions & sections are ordered to avoid prototypes . function names are alphabetical within every section . all functions & sections must be referenced in top.h This patch just attempts to honor the above standards, while also covering this new behavior in the man page. [ please note that the net result of these 2 patches ] [ is simply to avoid pathname truncations should our ] [ limit of 1024 be exceeded. they do not have a role ] [ in solving the 'local privilege escalation' issue. ] [ and we can never prevent a user from setting their ] [ HOME var to a directory writable by some attacker! ] [ the only real protection for that CVE-2018-1122 is ] [ those soon to be enhanced rcfile integrity checks, ] [ achieved through several of the following patches. ] Reference(s): . original qualys patch 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch Signed-off-by: Jim Warner --- top/top.1 | 6 +++--- top/top.c | 31 ++++++++++++++++++------------- top/top.h | 3 ++- 3 files changed, 23 insertions(+), 17 deletions(-) diff --git a/top/top.1 b/top/top.1 index 7f9170e3..9f364e46 100644 --- a/top/top.1 +++ b/top/top.1 @@ -67,7 +67,7 @@ . .\" Document ///////////////////////////////////////////////////////////// .\" ---------------------------------------------------------------------- -.TH TOP 1 "February 2018" "procps-ng" "User Commands" +.TH TOP 1 "May 2018" "procps-ng" "User Commands" .\" ---------------------------------------------------------------------- .\" ---------------------------------------------------------------------- @@ -2181,8 +2181,8 @@ While not intended to be edited manually, here is the general layout: " # discussed below .fi -If the $HOME and $XDG_CONFIG_HOME variables are not present, \*(We will try -to write the personal \*(CF in the current directory, subject to permissions. +If a valid absolute path to the rcfile cannot be established, customizations +made to a running \*We will be impossible to preserve. .\" ...................................................................... .SS 6b. ADDING INSPECT Entries diff --git a/top/top.c b/top/top.c index 0629b1b3..004d2428 100644 --- a/top/top.c +++ b/top/top.c @@ -3219,7 +3219,7 @@ static int config_cvt (WIN_t *q) { /* - * A configs_read *Helper* function responsible for processing + * A configs_reads *Helper* function responsible for processing * a configuration file (personal or system-wide default) */ static const char *config_file (FILE *fp, const char *name, float *delay) { char fbuf[LRGBUFSIZ]; @@ -3365,19 +3365,24 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency ! } // end: config_file -static int snprintf_Rc_name (const char *const format, ...) __attribute__((format(printf,1,2))); -static int snprintf_Rc_name (const char *const format, ...) { + /* + * A configs_reads *Helper* function responsible for ensuring the + * complete path was established, otherwise force the 'W' to fail */ +static int configs_path (const char *const fmts, ...) __attribute__((format(printf,1,2))); +static int configs_path (const char *const fmts, ...) { int len; va_list ap; - va_start(ap, format); - len = vsnprintf(Rc_name, sizeof(Rc_name), format, ap); + + va_start(ap, fmts); + len = vsnprintf(Rc_name, sizeof(Rc_name), fmts, ap); va_end(ap); if (len <= 0 || (size_t)len >= sizeof(Rc_name)) { Rc_name[0] = '\0'; - return 0; + len = 0; } return len; -} +} // end: configs_path + /* * Try reading up to 3 rcfiles @@ -3395,7 +3400,7 @@ static int snprintf_Rc_name (const char *const format, ...) { * Any remaining lines are devoted to the 'Inspect Other' feature * 3. 'SYS_RCDEFAULTS' system-wide defaults if 'Rc_name' absent * format is identical to #2 above */ -static void configs_read (void) { +static void configs_reads (void) { float tmp_delay = DEF_DELAY; const char *p, *p_home; FILE *fp; @@ -3422,7 +3427,7 @@ static void configs_read (void) { } } if (p_home) { - snprintf_Rc_name("%s/.%src", p_home, Myname); + configs_path("%s/.%src", p_home, Myname); } if (!(fp = fopen(Rc_name, "r"))) { @@ -3433,9 +3438,9 @@ static void configs_read (void) { p = fmtmk("%s/.config", p_home); (void)mkdir(p, 0700); } - if (!snprintf_Rc_name("%s/procps", p)) goto system_default; + if (!configs_path("%s/procps", p)) goto system_default; (void)mkdir(Rc_name, 0700); - if (!snprintf_Rc_name("%s/procps/%src", p, Myname)) goto system_default; + if (!configs_path("%s/procps/%src", p, Myname)) goto system_default; fp = fopen(Rc_name, "r"); } @@ -3469,7 +3474,7 @@ default_or_error: #else error_exit(p); #endif -} // end: configs_read +} // end: configs_reads /* @@ -5574,7 +5579,7 @@ int main (int dont_care_argc, char **argv) { before(*argv); // +-------------+ wins_stage_1(); // top (sic) slice - configs_read(); // > spread etc, < + configs_reads(); // > spread etc, < parse_args(&argv[1]); // > lean stuff, < whack_terminal(); // > onions etc. < wins_stage_2(); // as bottom slice diff --git a/top/top.h b/top/top.h index 4c6238b8..24d841e7 100644 --- a/top/top.h +++ b/top/top.h @@ -624,7 +624,8 @@ typedef struct WIN_t { //atic void before (char *me); //atic int config_cvt (WIN_t *q); //atic const char *config_file (FILE *fp, const char *name, float *delay); -//atic void configs_read (void); +//atic int configs_path (const char *const fmts, ...); +//atic void configs_reads (void); //atic void parse_args (char **args); //atic void whack_terminal (void); /*------ Windows/Field Groups support ----------------------------------*/