~ubuntu-branches/ubuntu/utopic/vsftpd/utopic-proposed

Viewing changes to sysdeputil.c

Committer: Package Import Robot
Author(s): Daniel Llewellyn (Bang Communications)
Date: 2013-05-08 14:08:53 UTC
mfrom: (2.6.1 squeeze)
Revision ID: package-import@ubuntu.com-20130508140853-ahhuki963v9fuuns

Tags: 3.0.2-1ubuntu2

* debian/patches/13-disable-clone-newpid.patch
  - patch to remove CLONE_NEWPID syscall
    see: https://bugzilla.novell.com/show_bug.cgi?id=786024#c38
    Fixes LP: #1160372

files added:
.pc

.pc/.quilt_patches

.pc/.quilt_series

.pc/.version

.pc/01-builddefs.patch

.pc/01-builddefs.patch/builddefs.h

.pc/02-config.patch

.pc/02-config.patch/tunables.c

.pc/02-config.patch/vsftpd.conf

.pc/02-config.patch/vsftpd.conf.5

.pc/03-db-doc.patch

.pc/03-db-doc.patch/EXAMPLE

.pc/03-db-doc.patch/EXAMPLE/VIRTUAL_USERS

.pc/03-db-doc.patch/EXAMPLE/VIRTUAL_USERS/README

.pc/04-link-local.patch

.pc/04-link-local.patch/standalone.c

.pc/04-link-local.patch/sysutil.c

.pc/04-link-local.patch/sysutil.h

.pc/05-whitespaces.patch

.pc/05-whitespaces.patch/parseconf.c

.pc/05-whitespaces.patch/str.c

.pc/05-whitespaces.patch/str.h

.pc/05-whitespaces.patch/sysutil.c

.pc/05-whitespaces.patch/sysutil.h

.pc/06-greedy.patch

.pc/06-greedy.patch/ls.c

.pc/07-utf8.patch

.pc/07-utf8.patch/features.c

.pc/07-utf8.patch/parseconf.c

.pc/07-utf8.patch/tunables.c

.pc/07-utf8.patch/tunables.h

.pc/08-manpage.patch

.pc/08-manpage.patch/vsftpd.8

.pc/08-manpage.patch/vsftpd.conf.5

.pc/09-disable-anonymous.patch

.pc/09-disable-anonymous.patch/vsftpd.conf

.pc/09-s390.patch

.pc/09-s390.patch/sysdeputil.c

.pc/10-remote-dos.patch

.pc/10-remote-dos.patch/sysdeputil.c

.pc/11-alpha.patch

.pc/11-alpha.patch/sysdeputil.c

.pc/12-buildflags.patch

.pc/12-buildflags.patch/Makefile

.pc/12-ubuntu-use-snakeoil-ssl.patch

.pc/12-ubuntu-use-snakeoil-ssl.patch/vsftpd.conf

.pc/13-disable-clone-newpid.patch

.pc/13-disable-clone-newpid.patch/sysdeputil.c

.pc/applied-patches

debian/patches/04-link-local.patch

debian/patches/05-whitespaces.patch

debian/patches/06-greedy.patch

debian/patches/07-utf8.patch

debian/patches/08-manpage.patch

debian/patches/09-s390.patch

debian/patches/10-remote-dos.patch

debian/patches/11-alpha.patch

debian/patches/12-buildflags.patch

debian/patches/12-ubuntu-use-snakeoil-ssl.patch

debian/patches/13-disable-clone-newpid.patch

debian/po/ca.po

debian/po/da.po

debian/po/id.po

debian/po/nl.po

debian/po/pt_BR.po

debian/source/options

debian/vsftpd.NEWS

debian/vsftpd.apport

debian/vsftpd.systemd

seccompsandbox.c

seccompsandbox.h

files removed:
debian/README.source

debian/patches/04-alpha.patch

debian/patches/05-link-local.patch

debian/patches/06-whitespaces.patch

debian/patches/07-greedy.patch

debian/patches/07_vsftpd-enable-utf8.patch

debian/patches/08-utf8.patch

debian/patches/09-manpage.patch

debian/patches/10-logging.patch

debian/vsftpd.preseed

files modified:
BUGS

Changelog

EXAMPLE/VIRTUAL_USERS/README

Makefile

README

TODO

access.c

banner.c

builddefs.h

debian/changelog

debian/compat

debian/control

debian/copyright

debian/patches/02-config.patch

debian/patches/series

debian/po/cs.po

debian/po/de.po

debian/po/es.po

debian/po/fi.po

debian/po/fr.po

debian/po/gl.po

debian/po/it.po

debian/po/ja.po

debian/po/pt.po

debian/po/ru.po

debian/po/sv.po

debian/po/templates.pot

debian/po/zh_CN.po

debian/rules

debian/source/format

debian/vsftpd.README.Debian

debian/vsftpd.examples

debian/vsftpd.postinst

debian/vsftpd.postrm

debian/vsftpd.upstart

defs.h

features.c

filestr.c

ftpcmdio.c

ftpcmdio.h

ftpdataio.c

ftppolicy.c

hash.c

logging.c

ls.c

ls.h

main.c

netstr.c

netstr.h

oneprocess.c

parseconf.c

postlogin.c

postprivparent.c

prelogin.c

privops.c

ptracesandbox.c

readwrite.c

secutil.c

secutil.h

session.h

ssl.c

sslslave.c

standalone.c

str.c

str.h

strlist.c

strlist.h

sysdeputil.c

sysstr.c

sysstr.h

sysutil.c

sysutil.h

tunables.c

tunables.h

twoprocess.c

utility.c

vsf_findlibs.sh

vsftpd.8

vsftpd.conf

vsftpd.conf.5

vsftpver.h

Show diffs side-by-side

added added

removed removed

sysdeputil.c

#define _LARGEFILE64_SOURCE 1

#endif

#ifdef __linux__

#include <stdio.h>

#include <sys/utsname.h>

#endif

/* For INT_MAX */

#include <limits.h>

#include <utmpx.h>

/* BEGIN config */

#if defined(__linux__)

#if defined(__linux__) && !defined(__s390__)

#include <errno.h>

#include <syscall.h>

#define VSF_SYSDEP_HAVE_LINUX_CLONE

#include <linux/unistd.h>

#include <errno.h>

#include <syscall.h>

#if defined(__alpha__)

#define __NR_getpid __NR_getxpid

#endif

#if defined(__linux__) && !defined(__ia64__) && !defined(__s390__)

322

330

const struct mystr* p_pass_str,

323

331

const struct mystr* p_remote_host)

324

332

{

325

int retval;

333

int retval = -1;

326

334

pam_item_t item;

327

335

const char* pam_user_name = 0;

328

336

struct pam_conv the_conv =

335

343

bug("vsf_sysdep_check_auth");

336

344

}

337

345

str_copy(&s_pword_str, p_pass_str);

338

retval = pam_start(tunable_pam_service_name,

339

str_getbuf(p_user_str), &the_conv, &s_pamh);

346

if (tunable_pam_service_name)

347

{

348

retval = pam_start(tunable_pam_service_name,

349

str_getbuf(p_user_str), &the_conv, &s_pamh);

350

}

340

351

if (retval != PAM_SUCCESS)

341

352

{

342

353

s_pamh = 0;

1259

1270

#endif

1260

1271

}

1261

1272

1273

#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE

1274

/* On Linux versions <2.6.35, netns cleanup may be so slow that

1275

* creating a netns per connection allows a remote denial-of-service.

1276

* We therefore do not use CLONE_NEWNET on these versions.

1277

1278

static int

1279

vsf_sysutil_netns_cleanup_is_fast(void)

1280

{

1281

#ifdef __linux__

1282

struct utsname utsname;

1283

int r1, r2, r3 = 0;

1284

return (uname(&utsname) == 0 &&

1285

sscanf(utsname.release, "%d.%d.%d", &r1, &r2, &r3) >= 2 &&

1286

((r1 << 16) | (r2 << 8) | r3) >= ((2 << 16) | (6 << 8) | 35));

1287

#else

1288

/* Assume any other kernel that has the feature don't have this problem */

1289

return 1;

1290

#endif

1291

}

1292

#endif

1293

1262

1294

int

1263

1295

vsf_sysutil_fork_isolate_all_failok()

1264

1296

{

1265

1297

#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE

1266

static int cloneflags_work = 1;

1298

static int cloneflags_work = -1;

1299

if (cloneflags_work < 0)

1300

{

1301

cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();

1302

}

1267

1303

if (cloneflags_work)

1268

1304

{

1269

1305

int ret = syscall(__NR_clone,

1270

CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,

1306

CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,

1271

1307

NULL);

1272

1308

if (ret != -1 || (errno != EINVAL && errno != EPERM))

1273

1309

{

1290

1326

static int cloneflags_work = 1;

1291

1327

if (cloneflags_work)

1292

1328

{

1293

int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);

1329

int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL);

1294

1330

if (ret != -1 || (errno != EINVAL && errno != EPERM))

1295

1331

{

1296

1332

if (ret == 0)

1309

1345

vsf_sysutil_fork_newnet()

1310

1346

{

1311

1347

#ifdef VSF_SYSDEP_HAVE_LINUX_CLONE

1312

static int cloneflags_work = 1;

1348

static int cloneflags_work = -1;

1349

if (cloneflags_work < 0)

1350

{

1351

cloneflags_work = vsf_sysutil_netns_cleanup_is_fast();

1352

}

1313

1353

if (cloneflags_work)

1314

1354

{

1315

1355

int ret = syscall(__NR_clone, CLONE_NEWNET | SIGCHLD, NULL);

Older »