74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#include <sys/ipc.h>

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#include <sys/shm.h>

3c0cf502796be355431d4a64d738e75f543aa51dLennart Poettering#include <sys/sem.h>

3c0cf502796be355431d4a64d738e75f543aa51dLennart Poettering#include <sys/msg.h>

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#include <sys/stat.h>

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering#include <sys/mman.h>

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#include <fcntl.h>

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#include <dirent.h>

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#include <mqueue.h>

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#include "util.h"

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering#include "strv.h"

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen#include "clean-ipc.h"

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersenstatic int clean_sysvipc_shm(uid_t delete_uid) {

9c5e12a4314e7192e834e1b855e5e80111e636a6Tom Gundersen _cleanup_fclose_ FILE *f = NULL;

7586f4d172dd9c3ccc3126fc47dca9e49adec132Tom Gundersen char line[LINE_MAX];

d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen bool first = true;

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen int ret = 0;

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen f = fopen("/proc/sysvipc/shm", "re");

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen if (!f) {

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen if (errno == ENOENT)

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen return 0;

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen log_warning("Failed to open /proc/sysvipc/shm: %m");

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen return -errno;

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen }

3e684349c2cead2e6fd2f816c34eb17daba23a49Lennart Poettering

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen FOREACH_LINE(line, f, goto fail) {

3e684349c2cead2e6fd2f816c34eb17daba23a49Lennart Poettering unsigned n_attached;

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering pid_t cpid, lpid;

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering uid_t uid, cuid;

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering gid_t gid, cgid;

91b14d6ff362b938a72db17b095ee9903d07381bTom Gundersen int shmid;

91b14d6ff362b938a72db17b095ee9903d07381bTom Gundersen

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering if (first) {

3c0cf502796be355431d4a64d738e75f543aa51dLennart Poettering first = false;

3c0cf502796be355431d4a64d738e75f543aa51dLennart Poettering continue;

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poettering }

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering truncate_nl(line);

9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen

9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen if (sscanf(line, "%*i %i %*o %*u " PID_FMT " " PID_FMT " %u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,

9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen &shmid, &cpid, &lpid, &n_attached, &uid, &gid, &cuid, &cgid) != 8)

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering continue;

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering

d74fb368b18f0fbd9a4fe6f15691bbea7f3c4a01Tom Gundersen if (n_attached > 0)

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen continue;

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen

be808ea083fa07271116b4519c3c27fd20c5f077Tom Gundersen if (uid != delete_uid)

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering continue;

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering if (shmctl(shmid, IPC_RMID, NULL) < 0) {

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering /* Ignore entries that are already deleted */

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering if (errno == EIDRM || errno == EINVAL)

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering continue;

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering log_warning("Failed to remove SysV shared memory segment %i: %m", shmid);

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering ret = -errno;

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering }

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering }

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering return ret;

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poetteringfail:

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering log_warning("Failed to read /proc/sysvipc/shm: %m");

0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering return -errno;

4e945a6f7971fd7d1f6b2c62ee3afdaff3c95ce4Lennart Poettering}

0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering

0dd25fb9f005d8ab7ac4bc10a609d00569f8c56aLennart Poetteringstatic int clean_sysvipc_sem(uid_t delete_uid) {

3c0cf502796be355431d4a64d738e75f543aa51dLennart Poettering _cleanup_fclose_ FILE *f = NULL;

74b2466e14a1961bf3ac0e8a60cfaceec705bd59Lennart Poettering char line[LINE_MAX];

91b14d6ff362b938a72db17b095ee9903d07381bTom Gundersen bool first = true;

91b14d6ff362b938a72db17b095ee9903d07381bTom Gundersen int ret = 0;

87f5a19343acf8ba697acc5a62bdb1a2b8c9eda3Lennart Poettering

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering f = fopen("/proc/sysvipc/sem", "re");

0b58db658b5c3f586ac3a837427f1f7fec2abb2eLennart Poettering if (!f) {

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering if (errno == ENOENT)

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering return 0;

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering log_warning("Failed to open /proc/sysvipc/sem: %m");

b652d4a2099d1c167584dcc1d179d47c58dc38a2Lennart Poettering return -errno;

9df3ba6c6cb65eecec06f39dfe85a3596cedac4eTom Gundersen }

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering

f4461e5641d53f27d6e76e0607bdaa9c0c58c1f6Lennart Poettering FOREACH_LINE(line, f, goto fail) {

519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering uid_t uid, cuid;

519ef04651b07a547f010d6462603669d7fde4e5Lennart Poettering gid_t gid, cgid;

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering int semid;

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering if (first) {

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering first = false;

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering continue;

f2f1dbe50fea13abadc9c1e845a29031b90b40f3Lennart Poettering }

4b95f1798f22c1bb75295f448188560cb6ec9eceLennart Poettering

636e813dc98ea40c58c6c85bc5e7e3c9f0904ea2Lennart Poettering truncate_nl(line);

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering if (sscanf(line, "%*i %i %*o %*u " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering &semid, &uid, &gid, &cuid, &cgid) != 5)

0eac462399c8e87bcce252cf058eba9f2678f2bdLennart Poettering continue;

8300ba218e3cf5049496937be8bce10f22d09bbcTom Gundersen

8300ba218e3cf5049496937be8bce10f22d09bbcTom Gundersen if (uid != delete_uid)

d5099efc47d4e6ac60816b5381a5f607ab03f06eMichal Schmidt continue;

if (semctl(semid, 0, IPC_RMID) < 0) {

/* Ignore entries that are already deleted */

if (errno == EIDRM || errno == EINVAL)

continue;

log_warning("Failed to remove SysV semaphores object %i: %m", semid);

ret = -errno;

}

}

return ret;

fail:

log_warning("Failed to read /proc/sysvipc/sem: %m");

return -errno;

}

static int clean_sysvipc_msg(uid_t delete_uid) {

_cleanup_fclose_ FILE *f = NULL;

char line[LINE_MAX];

bool first = true;

int ret = 0;

f = fopen("/proc/sysvipc/msg", "re");

if (!f) {

if (errno == ENOENT)

return 0;

log_warning("Failed to open /proc/sysvipc/msg: %m");

return -errno;

}

FOREACH_LINE(line, f, goto fail) {

uid_t uid, cuid;

gid_t gid, cgid;

pid_t cpid, lpid;

int msgid;

if (first) {

first = false;

continue;

}

truncate_nl(line);

if (sscanf(line, "%*i %i %*o %*u %*u " PID_FMT " " PID_FMT " " UID_FMT " " GID_FMT " " UID_FMT " " GID_FMT,

&msgid, &cpid, &lpid, &uid, &gid, &cuid, &cgid) != 7)

continue;

if (uid != delete_uid)

continue;

if (msgctl(msgid, IPC_RMID, NULL) < 0) {

/* Ignore entries that are already deleted */

if (errno == EIDRM || errno == EINVAL)

continue;

log_warning("Failed to remove SysV message queue %i: %m", msgid);

ret = -errno;

}

}

return ret;

fail:

log_warning("Failed to read /proc/sysvipc/msg: %m");

return -errno;

}

static int clean_posix_shm_internal(DIR *dir, uid_t uid) {

struct dirent *de;

int ret = 0, r;

assert(dir);

FOREACH_DIRENT(de, dir, goto fail) {

struct stat st;

if (STR_IN_SET(de->d_name, "..", "."))

continue;

if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {

if (errno == ENOENT)

continue;

log_warning("Failed to stat() POSIX shared memory segment %s: %m", de->d_name);

ret = -errno;

continue;

}

if (st.st_uid != uid)

continue;

if (S_ISDIR(st.st_mode)) {

_cleanup_closedir_ DIR *kid;

kid = xopendirat(dirfd(dir), de->d_name, O_NOFOLLOW|O_NOATIME);

if (!kid) {

if (errno != ENOENT) {

log_warning("Failed to enter shared memory directory %s: %m", de->d_name);

ret = -errno;

}

} else {

r = clean_posix_shm_internal(kid, uid);

if (r < 0)

ret = r;

}

if (unlinkat(dirfd(dir), de->d_name, AT_REMOVEDIR) < 0) {

if (errno == ENOENT)

continue;

log_warning("Failed to remove POSIX shared memory directory %s: %m", de->d_name);

ret = -errno;

}

} else {

if (unlinkat(dirfd(dir), de->d_name, 0) < 0) {

if (errno == ENOENT)

continue;

log_warning("Failed to remove POSIX shared memory segment %s: %m", de->d_name);

ret = -errno;

}

}

}

return ret;

fail:

log_warning("Failed to read /dev/shm: %m");

return -errno;

}

static int clean_posix_shm(uid_t uid) {

_cleanup_closedir_ DIR *dir = NULL;

dir = opendir("/dev/shm");

if (!dir) {

if (errno == ENOENT)

return 0;

log_warning("Failed to open /dev/shm: %m");

return -errno;

}

return clean_posix_shm_internal(dir, uid);

}

static int clean_posix_mq(uid_t uid) {

_cleanup_closedir_ DIR *dir = NULL;

struct dirent *de;

int ret = 0;

dir = opendir("/dev/mqueue");

if (!dir) {

if (errno == ENOENT)

return 0;

log_warning("Failed to open /dev/mqueue: %m");

return -errno;

}

FOREACH_DIRENT(de, dir, goto fail) {

struct stat st;

char fn[1+strlen(de->d_name)+1];

if (STR_IN_SET(de->d_name, "..", "."))

continue;

if (fstatat(dirfd(dir), de->d_name, &st, AT_SYMLINK_NOFOLLOW) < 0) {

if (errno == ENOENT)

continue;

log_warning("Failed to stat() MQ segment %s: %m", de->d_name);

ret = -errno;

continue;

}

if (st.st_uid != uid)

continue;

fn[0] = '/';

strcpy(fn+1, de->d_name);

if (mq_unlink(fn) < 0) {

if (errno == ENOENT)

continue;

log_warning("Failed to unlink POSIX message queue %s: %m", fn);

ret = -errno;

}

}

return ret;

fail:

log_warning("Failed to read /dev/mqueue: %m");

return -errno;

}

int clean_ipc(uid_t uid) {

int ret = 0, r;

/* Refuse to clean IPC of the root and system users */

if (uid <= SYSTEM_UID_MAX)

return 0;

r = clean_sysvipc_shm(uid);

if (r < 0)

ret = r;

r = clean_sysvipc_sem(uid);

if (r < 0)

ret = r;

r = clean_sysvipc_msg(uid);

if (r < 0)

ret = r;

r = clean_posix_shm(uid);

if (r < 0)

ret = r;

r = clean_posix_mq(uid);

if (r < 0)

ret = r;

return ret;

}