1// Copyright (c) 2009 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5// The following is duplicated from base/linux_utils.cc. 6// We shouldn't link against C++ code in a setuid binary. 7 8#define _GNU_SOURCE // For O_DIRECTORY 9#include "linux_util.h" 10 11#include <dirent.h> 12#include <errno.h> 13#include <fcntl.h> 14#include <limits.h> 15#include <stdio.h> 16#include <stdlib.h> 17#include <string.h> 18#include <sys/stat.h> 19#include <sys/types.h> 20#include <unistd.h> 21 22// expected prefix of the target of the /proc/self/fd/%d link for a socket 23static const char kSocketLinkPrefix[] = "socket:["; 24 25// Parse a symlink in /proc/pid/fd/$x and return the inode number of the 26// socket. 27// inode_out: (output) set to the inode number on success 28// path: e.g. /proc/1234/fd/5 (must be a UNIX domain socket descriptor) 29static bool ProcPathGetInodeAt(ino_t* inode_out, int base_dir_fd, 30 const char* path) { 31 // We also check that the path is relative. 32 if (!inode_out || !path || *path == '/') 33 return false; 34 char buf[256]; 35 const ssize_t n = readlinkat(base_dir_fd, path, buf, sizeof(buf) - 1); 36 if (n < 0) 37 return false; 38 buf[n] = 0; 39 40 if (memcmp(kSocketLinkPrefix, buf, sizeof(kSocketLinkPrefix) - 1)) 41 return false; 42 43 char *endptr = NULL; 44 errno = 0; 45 const unsigned long long int inode_ull = 46 strtoull(buf + sizeof(kSocketLinkPrefix) - 1, &endptr, 10); 47 if (inode_ull == ULLONG_MAX || !endptr || *endptr != ']' || errno != 0) 48 return false; 49 50 *inode_out = inode_ull; 51 return true; 52} 53 54static DIR* opendirat(int base_dir_fd, const char* name) { 55 // Also check that |name| is relative. 56 if (base_dir_fd < 0 || !name || *name == '/') 57 return NULL; 58 int new_dir_fd = openat(base_dir_fd, name, O_RDONLY | O_DIRECTORY); 59 if (new_dir_fd < 0) 60 return NULL; 61 62 return fdopendir(new_dir_fd); 63} 64 65bool FindProcessHoldingSocket(pid_t* pid_out, ino_t socket_inode) { 66 bool already_found = false; 67 68 DIR* proc = opendir("/proc"); 69 if (!proc) 70 return false; 71 72 const uid_t uid = getuid(); 73 struct dirent* dent; 74 while ((dent = readdir(proc))) { 75 char *endptr = NULL; 76 errno = 0; 77 const unsigned long int pid_ul = strtoul(dent->d_name, &endptr, 10); 78 if (pid_ul == ULONG_MAX || !endptr || *endptr || errno != 0) 79 continue; 80 81 // We have this setuid code here because the zygote and its children have 82 // /proc/$pid/fd owned by root. While scanning through /proc, we add this 83 // extra check so users cannot accidentally gain information about other 84 // users' processes. To determine process ownership, we use the property 85 // that if user foo owns process N, then /proc/N is owned by foo. 86 int proc_pid_fd = -1; 87 { 88 char buf[256]; 89 struct stat statbuf; 90 snprintf(buf, sizeof(buf), "/proc/%lu", pid_ul); 91 proc_pid_fd = open(buf, O_RDONLY | O_DIRECTORY); 92 if (proc_pid_fd < 0) 93 continue; 94 if (fstat(proc_pid_fd, &statbuf) < 0 || uid != statbuf.st_uid) { 95 close(proc_pid_fd); 96 continue; 97 } 98 } 99 100 DIR* fd = opendirat(proc_pid_fd, "fd"); 101 if (!fd) { 102 close(proc_pid_fd); 103 continue; 104 } 105 106 while ((dent = readdir(fd))) { 107 char buf[256]; 108 int printed = snprintf(buf, sizeof(buf), "fd/%s", dent->d_name); 109 if (printed < 0 || printed >= (int)(sizeof(buf) - 1)) { 110 continue; 111 } 112 113 ino_t fd_inode; 114 if (ProcPathGetInodeAt(&fd_inode, proc_pid_fd, buf)) { 115 if (fd_inode == socket_inode) { 116 if (already_found) { 117 closedir(fd); 118 close(proc_pid_fd); 119 closedir(proc); 120 return false; 121 } 122 123 already_found = true; 124 *pid_out = pid_ul; 125 break; 126 } 127 } 128 } 129 closedir(fd); 130 close(proc_pid_fd); 131 } 132 closedir(proc); 133 134 return already_found; 135} 136