Description:
added /dev/urandom to file allowed to be accessed, probably needed after ubuntu 9.04
git-svn-id: http://theory.cpe.ku.ac.th/grader/judge/trunk/scripts@417 6386c4cd-e34a-4fa8-8920-d93eb39b512e
Commit status:
[Not Reviewed]
References:
Diff options:
Comments:
0 Commit comments
0 Inline Comments
Unresolved TODOs:
There are no unresolved TODOs
Author
jittat
-
r76:4469d653fe5f - - 1 file changed: 1 inserted, 0 deleted
| @@ -142,96 +142,97 | |||||
|
|
142 | if (file_access >= 9) |
|
142 | if (file_access >= 9) |
|
|
143 | return; |
|
143 | return; |
|
|
144 |
|
144 | ||
|
|
145 | if (!mem_fd) |
|
145 | if (!mem_fd) |
|
|
146 | { |
|
146 | { |
|
|
147 | sprintf(namebuf, "/proc/%d/mem", (int) box_pid); |
|
147 | sprintf(namebuf, "/proc/%d/mem", (int) box_pid); |
|
|
148 | mem_fd = open(namebuf, O_RDONLY); |
|
148 | mem_fd = open(namebuf, O_RDONLY); |
|
|
149 | if (mem_fd < 0) |
|
149 | if (mem_fd < 0) |
|
|
150 | die("open(%s): %m", namebuf); |
|
150 | die("open(%s): %m", namebuf); |
|
|
151 | } |
|
151 | } |
|
|
152 | p = end = namebuf; |
|
152 | p = end = namebuf; |
|
|
153 | do |
|
153 | do |
|
|
154 | { |
|
154 | { |
|
|
155 | if (p >= end) |
|
155 | if (p >= end) |
|
|
156 | { |
|
156 | { |
|
|
157 | int remains = PAGE_SIZE - (addr & (PAGE_SIZE-1)); |
|
157 | int remains = PAGE_SIZE - (addr & (PAGE_SIZE-1)); |
|
|
158 | int l = namebuf + sizeof(namebuf) - end; |
|
158 | int l = namebuf + sizeof(namebuf) - end; |
|
|
159 | if (l > remains) |
|
159 | if (l > remains) |
|
|
160 | l = remains; |
|
160 | l = remains; |
|
|
161 | if (!l) |
|
161 | if (!l) |
|
|
162 | die("Access to file with name too long."); |
|
162 | die("Access to file with name too long."); |
|
|
163 | if (long_seek(mem_fd, addr, SEEK_SET) < 0) |
|
163 | if (long_seek(mem_fd, addr, SEEK_SET) < 0) |
|
|
164 | die("long_seek(mem): %m"); |
|
164 | die("long_seek(mem): %m"); |
|
|
165 | remains = read(mem_fd, end, l); |
|
165 | remains = read(mem_fd, end, l); |
|
|
166 | if (remains < 0) |
|
166 | if (remains < 0) |
|
|
167 | die("read(mem): %m"); |
|
167 | die("read(mem): %m"); |
|
|
168 | if (!remains) |
|
168 | if (!remains) |
|
|
169 | die("Access to file with name out of memory."); |
|
169 | die("Access to file with name out of memory."); |
|
|
170 | end += l; |
|
170 | end += l; |
|
|
171 | addr += l; |
|
171 | addr += l; |
|
|
172 | } |
|
172 | } |
|
|
173 | } |
|
173 | } |
|
|
174 | while (*p++); |
|
174 | while (*p++); |
|
|
175 |
|
175 | ||
|
|
176 | log("[%s] ", namebuf); |
|
176 | log("[%s] ", namebuf); |
|
|
177 | if (file_access >= 3) |
|
177 | if (file_access >= 3) |
|
|
178 | return; |
|
178 | return; |
|
|
179 | if (!strchr(namebuf, '/') && strcmp(namebuf, "..")) |
|
179 | if (!strchr(namebuf, '/') && strcmp(namebuf, "..")) |
|
|
180 | return; |
|
180 | return; |
|
|
181 | if (file_access >= 2) |
|
181 | if (file_access >= 2) |
|
|
182 | { |
|
182 | { |
|
|
183 | if ((!strncmp(namebuf, "/etc/", 5) || |
|
183 | if ((!strncmp(namebuf, "/etc/", 5) || |
|
|
184 | !strncmp(namebuf, "/lib/", 5) || |
|
184 | !strncmp(namebuf, "/lib/", 5) || |
|
|
185 | !strncmp(namebuf, "/usr/lib/", 9)) |
|
185 | !strncmp(namebuf, "/usr/lib/", 9)) |
|
|
186 | && !strstr(namebuf, "..")) |
|
186 | && !strstr(namebuf, "..")) |
|
|
187 | return; |
|
187 | return; |
|
|
188 | if (!strcmp(namebuf, "/dev/null") || |
|
188 | if (!strcmp(namebuf, "/dev/null") || |
|
|
189 | !strcmp(namebuf, "/dev/zero") || |
|
189 | !strcmp(namebuf, "/dev/zero") || |
|
|
|
190 | + !strcmp(namebuf, "/dev/urandom") || | ||
|
|
190 | !strcmp(namebuf, "/proc/meminfo") || |
|
191 | !strcmp(namebuf, "/proc/meminfo") || |
|
|
191 | !strcmp(namebuf, "/proc/self/stat") || |
|
192 | !strcmp(namebuf, "/proc/self/stat") || |
|
|
192 | !strncmp(namebuf, "/usr/share/zoneinfo/", 20)) |
|
193 | !strncmp(namebuf, "/usr/share/zoneinfo/", 20)) |
|
|
193 | return; |
|
194 | return; |
|
|
194 | } |
|
195 | } |
|
|
195 | die("Forbidden access to file `%s'.", namebuf); |
|
196 | die("Forbidden access to file `%s'.", namebuf); |
|
|
196 | } |
|
197 | } |
|
|
197 |
|
198 | ||
|
|
198 | static int |
|
199 | static int |
|
|
199 | valid_syscall(struct user *u) |
|
200 | valid_syscall(struct user *u) |
|
|
200 | { |
|
201 | { |
|
|
201 | switch (u->regs.orig_eax) |
|
202 | switch (u->regs.orig_eax) |
|
|
202 | { |
|
203 | { |
|
|
203 | case __NR_execve: |
|
204 | case __NR_execve: |
|
|
204 | { |
|
205 | { |
|
|
205 | static int exec_counter; |
|
206 | static int exec_counter; |
|
|
206 | return !exec_counter++; |
|
207 | return !exec_counter++; |
|
|
207 | } |
|
208 | } |
|
|
208 | case __NR_open: |
|
209 | case __NR_open: |
|
|
209 | case __NR_creat: |
|
210 | case __NR_creat: |
|
|
210 | case __NR_unlink: |
|
211 | case __NR_unlink: |
|
|
211 | case __NR_oldstat: |
|
212 | case __NR_oldstat: |
|
|
212 | case __NR_access: |
|
213 | case __NR_access: |
|
|
213 | case __NR_oldlstat: |
|
214 | case __NR_oldlstat: |
|
|
214 | case __NR_truncate: |
|
215 | case __NR_truncate: |
|
|
215 | case __NR_stat: |
|
216 | case __NR_stat: |
|
|
216 | case __NR_lstat: |
|
217 | case __NR_lstat: |
|
|
217 | case __NR_truncate64: |
|
218 | case __NR_truncate64: |
|
|
218 | case __NR_stat64: |
|
219 | case __NR_stat64: |
|
|
219 | case __NR_lstat64: |
|
220 | case __NR_lstat64: |
|
|
220 | valid_filename(u->regs.ebx); |
|
221 | valid_filename(u->regs.ebx); |
|
|
221 | return 1; |
|
222 | return 1; |
|
|
222 | case __NR_exit: |
|
223 | case __NR_exit: |
|
|
223 | case __NR_read: |
|
224 | case __NR_read: |
|
|
224 | case __NR_write: |
|
225 | case __NR_write: |
|
|
225 | case __NR_close: |
|
226 | case __NR_close: |
|
|
226 | case __NR_lseek: |
|
227 | case __NR_lseek: |
|
|
227 | case __NR_getpid: |
|
228 | case __NR_getpid: |
|
|
228 | case __NR_getuid: |
|
229 | case __NR_getuid: |
|
|
229 | case __NR_oldfstat: |
|
230 | case __NR_oldfstat: |
|
|
230 | case __NR_dup: |
|
231 | case __NR_dup: |
|
|
231 | case __NR_brk: |
|
232 | case __NR_brk: |
|
|
232 | case __NR_getgid: |
|
233 | case __NR_getgid: |
|
|
233 | case __NR_geteuid: |
|
234 | case __NR_geteuid: |
|
|
234 | case __NR_getegid: |
|
235 | case __NR_getegid: |
|
|
235 | case __NR_dup2: |
|
236 | case __NR_dup2: |
|
|
236 | case __NR_ftruncate: |
|
237 | case __NR_ftruncate: |
|
|
237 | case __NR_fstat: |
|
238 | case __NR_fstat: |
You need to be logged in to leave comments.
Login now