emo/procps
1
0
Fork 0
Code Issues Pull Requests Packages Releases Activity

top: Do not default to the cwd in configs_r... Tweaked

Browse Source 
While it's only documented (so far) in commit text and
an occasional email I've tried to maintain some coding
standards primarily for reference/navigation purposes.
They also served, I felt, as useful mental challenges.

Someday I will get around to formerly documenting them
but in the meantime here are the ones for this commit:

. functions are grouped into logical (i hope) sections
. functions & sections are ordered to avoid prototypes
. function names are alphabetical within every section
. all functions & sections must be referenced in top.h

This patch just attempts to honor the above standards,
while also covering this new behavior in the man page.

[ please note that the net result of these 2 patches ]
[ is simply to avoid pathname truncations should our ]
[ limit of 1024 be exceeded. they do not have a role ]
[ in solving the 'local privilege escalation' issue. ]

[ and we can never prevent a user from setting their ]
[ HOME var to a directory writable by some attacker! ]

[ the only real protection for that CVE-2018-1122 is ]
[ those soon to be enhanced rcfile integrity checks, ]
[ achieved through several of the following patches. ]

Reference(s):
. original qualys patch
0097-top-Do-not-default-to-the-cwd-in-configs_read.patch

Signed-off-by: Jim Warner <james.warner@comcast.net>
This commit is contained in:
Jim Warner 2018-06-02 00:00:00 -05:00 committed by Craig Small
parent e051535686
commit 4550e60144
3 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
top/top.1
View File

@ -67,7 +67,7 @@
. .
.\" Document ///////////////////////////////////////////////////////////// .\" Document /////////////////////////////////////////////////////////////
.\" ---------------------------------------------------------------------- .\" ----------------------------------------------------------------------
.TH TOP 1 "February 2018" "procps-ng" "User Commands" .TH TOP 1 "May 2018" "procps-ng" "User Commands"
.\" ---------------------------------------------------------------------- .\" ----------------------------------------------------------------------
.\" ---------------------------------------------------------------------- .\" ----------------------------------------------------------------------
@ -2181,8 +2181,8 @@ While not intended to be edited manually, here is the general layout:
" # discussed below " # discussed below
.fi .fi
If the $HOME and $XDG_CONFIG_HOME variables are not present, \*(We will try If a valid absolute path to the rcfile cannot be established, customizations
to write the personal \*(CF in the current directory, subject to permissions. made to a running \*We will be impossible to preserve.
.\" ...................................................................... .\" ......................................................................
.SS 6b. ADDING INSPECT Entries .SS 6b. ADDING INSPECT Entries

31
top/top.c
View File

@ -3219,7 +3219,7 @@ static int config_cvt (WIN_t *q) {
/* /*
* A configs_read *Helper* function responsible for processing * A configs_reads *Helper* function responsible for processing
* a configuration file (personal or system-wide default) */ * a configuration file (personal or system-wide default) */
static const char *config_file (FILE *fp, const char *name, float *delay) { static const char *config_file (FILE *fp, const char *name, float *delay) {
char fbuf[LRGBUFSIZ]; char fbuf[LRGBUFSIZ];
@ -3365,19 +3365,24 @@ error Hey, fix the above fscanf 'PFLAGSSIZ' dependency !
} // end: config_file } // end: config_file
static int snprintf_Rc_name (const char *const format, ...) __attribute__((format(printf,1,2))); /*
static int snprintf_Rc_name (const char *const format, ...) { * A configs_reads *Helper* function responsible for ensuring the
* complete path was established, otherwise force the 'W' to fail */
static int configs_path (const char *const fmts, ...) __attribute__((format(printf,1,2)));
static int configs_path (const char *const fmts, ...) {
int len; int len;
va_list ap; va_list ap;
va_start(ap, format);
len = vsnprintf(Rc_name, sizeof(Rc_name), format, ap); va_start(ap, fmts);
len = vsnprintf(Rc_name, sizeof(Rc_name), fmts, ap);
va_end(ap); va_end(ap);
if (len <= 0 || (size_t)len >= sizeof(Rc_name)) { if (len <= 0 || (size_t)len >= sizeof(Rc_name)) {
Rc_name[0] = '\0'; Rc_name[0] = '\0';
return 0; len = 0;
} }
return len; return len;
} } // end: configs_path
/* /*
* Try reading up to 3 rcfiles * Try reading up to 3 rcfiles
@ -3395,7 +3400,7 @@ static int snprintf_Rc_name (const char *const format, ...) {
* Any remaining lines are devoted to the 'Inspect Other' feature * Any remaining lines are devoted to the 'Inspect Other' feature
* 3. 'SYS_RCDEFAULTS' system-wide defaults if 'Rc_name' absent * 3. 'SYS_RCDEFAULTS' system-wide defaults if 'Rc_name' absent
* format is identical to #2 above */ * format is identical to #2 above */
static void configs_read (void) { static void configs_reads (void) {
float tmp_delay = DEF_DELAY; float tmp_delay = DEF_DELAY;
const char *p, *p_home; const char *p, *p_home;
FILE *fp; FILE *fp;
@ -3422,7 +3427,7 @@ static void configs_read (void) {
} }
} }
if (p_home) { if (p_home) {
snprintf_Rc_name("%s/.%src", p_home, Myname); configs_path("%s/.%src", p_home, Myname);
} }
if (!(fp = fopen(Rc_name, "r"))) { if (!(fp = fopen(Rc_name, "r"))) {
@ -3433,9 +3438,9 @@ static void configs_read (void) {
p = fmtmk("%s/.config", p_home); p = fmtmk("%s/.config", p_home);
(void)mkdir(p, 0700); (void)mkdir(p, 0700);
} }
if (!snprintf_Rc_name("%s/procps", p)) goto system_default; if (!configs_path("%s/procps", p)) goto system_default;
(void)mkdir(Rc_name, 0700); (void)mkdir(Rc_name, 0700);
if (!snprintf_Rc_name("%s/procps/%src", p, Myname)) goto system_default; if (!configs_path("%s/procps/%src", p, Myname)) goto system_default;
fp = fopen(Rc_name, "r"); fp = fopen(Rc_name, "r");
} }
@ -3469,7 +3474,7 @@ default_or_error:
#else #else
error_exit(p); error_exit(p);
#endif #endif
} // end: configs_read } // end: configs_reads
/* /*
@ -5574,7 +5579,7 @@ int main (int dont_care_argc, char **argv) {
before(*argv); before(*argv);
// +-------------+ // +-------------+
wins_stage_1(); // top (sic) slice wins_stage_1(); // top (sic) slice
configs_read(); // > spread etc, < configs_reads(); // > spread etc, <
parse_args(&argv[1]); // > lean stuff, < parse_args(&argv[1]); // > lean stuff, <
whack_terminal(); // > onions etc. < whack_terminal(); // > onions etc. <
wins_stage_2(); // as bottom slice wins_stage_2(); // as bottom slice

3
top/top.h
View File

@ -624,7 +624,8 @@ typedef struct WIN_t {
//atic void before (char *me); //atic void before (char *me);
//atic int config_cvt (WIN_t *q); //atic int config_cvt (WIN_t *q);
//atic const char *config_file (FILE *fp, const char *name, float *delay); //atic const char *config_file (FILE *fp, const char *name, float *delay);
//atic void configs_read (void); //atic int configs_path (const char *const fmts, ...);
//atic void configs_reads (void);
//atic void parse_args (char **args); //atic void parse_args (char **args);
//atic void whack_terminal (void); //atic void whack_terminal (void);
/*------ Windows/Field Groups support ----------------------------------*/ /*------ Windows/Field Groups support ----------------------------------*/