Viewing file:  FileReadHelperMain.cpp (5.31 KB) -rw-r--r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
/*
* Phusion Passenger - https://www.phusionpassenger.com/
* Copyright (c) 2018 Phusion Holding B.V.
*
* "Passenger", "Phusion Passenger" and "Union Station" are registered
* trademarks of Phusion Holding B.V.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
// A helper app that reads from an arbitrary file.
// Its main reason for existance is to allow root processes (such as the Core)
// to read from arbitrary files in a way that's safe from symlink and other
// kinds of attacks. See the documentation for safeReadFile()
// to learn more about the different types of attacks.
//
// file-read-helper is used when the caller cannot use safeReadFile(),
// e.g. when the following two conditions hold at the same time:
//
// 1. The caller does not have control over the safety of the parent
// directories leading to the file.
// 2. The caller cannot choose not to disclose the contents of the file.
//
// file-read-helper MUST be used in combination with exec-helper in order
// to lower its privilege, otherwise no protection is provided.
#include <cstdio>
#include <cstdlib>
#include <cstddef>
#include <cerrno>
#include <cstring>
#include <string>
#include <algorithm>
#include <limits>
#include <fcntl.h>
#include <unistd.h>
#include <Constants.h>
#include <MainFunctions.h>
#include <ProcessManagement/Utils.h>
#include <IOTools/IOUtils.h>
#include <Utils/OptionParsing.h>
namespace Passenger {
namespace FileReadHelper {
using namespace std;
struct Options {
size_t limit;
int programArgStart;
Options()
: limit(std::numeric_limits<size_t>::max()),
programArgStart(2)
{ }
};
static void
usage() {
// ....|---------------Keep output within standard terminal width (80 chars)------------|
printf("Usage: " AGENT_EXE " file-read-helper [OPTIONS...] <PATH>\n");
printf("Reads the given file with O_NONBLOCK.\n");
printf("\n");
printf("Options:\n");
printf(" --limit <SIZE> Limit the number of bytes read (default: unlimited).\n");
printf(" --help Show this help message.\n");
}
static bool
parseOption(int argc, const char *argv[], int &i, Options &options) {
OptionParser p(usage);
if (p.isValueFlag(argc, i, argv[i], '\0', "--limit")) {
options.limit = atoi(argv[i + 1]);
i += 2;
} else {
return false;
}
return true;
}
static bool
parseOptions(int argc, const char *argv[], Options &options) {
OptionParser p(usage);
int i = 2;
while (i < argc) {
if (parseOption(argc, argv, i, options)) {
continue;
} else if (p.isFlag(argv[i], 'h', "--help")) {
usage();
exit(0);
} else if (*argv[i] == '-') {
fprintf(stderr, "ERROR: unrecognized argument %s. Please type "
"'%s file-read-helper --help' for usage.\n", argv[i], argv[0]);
exit(1);
} else {
options.programArgStart = i;
return true;
}
}
return true;
}
} // namespace FileReadHelper
} // namespace Passenger
int
fileReadHelperMain(int argc, char *argv[]) {
using namespace Passenger;
using namespace Passenger::FileReadHelper;
if (argc < 3) {
usage();
exit(1);
}
Options options;
if (!parseOptions(argc, (const char **) argv, options)) {
fprintf(stderr, "Error parsing arguments.\n");
usage();
exit(1);
}
if (argc != options.programArgStart + 1) {
fprintf(stderr, "ERROR: no file path given. Please type "
"'%s file-read-helper --help' for usage.\n", argv[0]);
exit(1);
}
if (geteuid() == 0) {
fprintf(stderr, "ERROR: file-read-helper cannot be run with root"
" privileges. Please use in combination with exec-helper.\n");
exit(1);
}
resetSignalHandlersAndMask();
disableMallocDebugging();
const char *path = argv[options.programArgStart];
int fd;
do {
fd = open(path, O_RDONLY | O_NONBLOCK);
} while (fd == -1 && errno == EINTR);
if (fd == -1) {
int e = errno;
fprintf(stderr, "Error opening %s for reading: %s (errno=%d)\n",
path, strerror(e), e);
exit(1);
}
size_t totalRead = 0;
char buf[1024 * 16];
while (totalRead < options.limit) {
ssize_t ret;
do {
ret = read(fd, buf,
std::min<size_t>(sizeof(buf), options.limit - totalRead));
} while (ret == -1 && errno == EINTR);
if (ret == -1) {
int e = errno;
fprintf(stderr, "Error reading from %s: %s (errno=%d)\n",
path, strerror(e), e);
exit(1);
} else if (ret == 0) {
break;
} else {
totalRead += ret;
writeExact(1, StaticString(buf, ret));
}
}
return 0;
}
|