[100221] trunk/base/src/darwintracelib1.0/darwintrace.c

cal at macports.org cal at macports.org
Mon Dec 3 16:39:01 PST 2012


Revision: 100221
          https://trac.macports.org/changeset/100221
Author:   cal at macports.org
Date:     2012-12-03 16:39:01 -0800 (Mon, 03 Dec 2012)
Log Message:
-----------
darwintrace: make the darwintrace FD a moving target, hide files rather than denying access

Move the darwintrace file descriptor when somebody tries dup2(2)'ing
over it. This is better compared to the previous solution using a fixed
high-number FD because it doesn't break software actually using this FD
number.

Also hide files rather than denying access where possible by setting
errno to ENOENT rather than EACCES where the standards allow this.

Modified Paths:
--------------
    trunk/base/src/darwintracelib1.0/darwintrace.c

Modified: trunk/base/src/darwintracelib1.0/darwintrace.c
===================================================================
--- trunk/base/src/darwintracelib1.0/darwintrace.c	2012-12-04 00:30:12 UTC (rev 100220)
+++ trunk/base/src/darwintracelib1.0/darwintrace.c	2012-12-04 00:39:01 UTC (rev 100221)
@@ -144,7 +144,6 @@
 inline void __darwintrace_cleanup_path(char *path);
 static char * exchange_with_port(const char * buf, size_t len, int answer);
 
-#define DT_STATIC_FD_NUM (236)
 static int __darwintrace_fd = -2;
 static FILE *__darwintrace_debug = NULL;
 static pid_t __darwintrace_pid = (pid_t) -1;
@@ -362,12 +361,6 @@
 		if (__env_darwintrace_log != NULL) {
 			int olderrno = errno;
 			int sock = socket(AF_UNIX, SOCK_STREAM, 0);
-			if (-1 == dup2(sock, DT_STATIC_FD_NUM)) {
-				debug_printf("couldn't duplicate filedescriptor into %d", DT_STATIC_FD_NUM);
-				abort();
-			}
-			close(sock);
-			sock = DT_STATIC_FD_NUM;
 			struct sockaddr_un sun;
 			sun.sun_family = AF_UNIX;
 			strncpy(sun.sun_path, __env_darwintrace_log, sizeof(sun.sun_path));
@@ -499,10 +492,13 @@
 	int result = 0;
 	struct stat st;
 
+	debug_printf("ask_for_dependency: %s\n", path);
+
 	if (-1 == stat(path, &st)) {
 		return 1;
 	}
 	if (S_ISDIR(st.st_mode)) {
+		debug_printf("%s is directory\n", path);
 		return 1;
 	}
 	
@@ -692,7 +688,7 @@
 	*newpath = '\0';
 	if (!__darwintrace_is_in_sandbox(path, newpath)) {
 		debug_printf("open %s was forbidden\n", path);
-		errno = EACCES;
+		errno = ((flags & O_CREAT) > 0) ? EACCES : ENOENT;
 		return -1;
 	}
 
@@ -725,7 +721,7 @@
 
 	*newpath = '\0';
 	if (!__darwintrace_is_in_sandbox(path, newpath)) {
-		errno = EACCES;
+		errno = ENOENT;
 		return -1;
 	}
 
@@ -839,8 +835,18 @@
 
 	debug_printf("dup2(%d, %d)\n", filedes, filedes2);
 	if (__darwintrace_fd != -2 && filedes2 == __darwintrace_fd) {
-		errno = EBADF;
-		return -1;
+		/* if somebody tries to close our file descriptor, just move it out of
+		 * the way. Make sure it doesn't end up as stdin/stdout/stderr, though!
+		 * */
+		int new_darwintrace_fd;
+
+		if (-1 == (new_darwintrace_fd = fcntl(__darwintrace_fd, F_DUPFD, STDOUT_FILENO + 1))) {
+			/* if duplicating fails, do not allow overwriting either! */
+			return -1;
+		}
+
+		debug_printf("moving __darwintrace_fd from %d to %d\n", __darwintrace_fd, new_darwintrace_fd);
+		__darwintrace_fd = new_darwintrace_fd;
 	}
 
 	return dup2(filedes, filedes2);
@@ -856,7 +862,7 @@
 	*newpath = '\0';
 	if (!__darwintrace_is_in_sandbox(path, newpath)) {
 		debug_printf("unlink %s was forbidden\n", path);
-		errno = EACCES;
+		errno = ENOENT;
 		return -1;
 	}
 
@@ -905,7 +911,7 @@
 #define __rmdir(x) syscall(SYS_rmdir, (x))
 	if (!__darwintrace_is_in_sandbox(path, NULL)) {
 		debug_printf("removing directory %s was forbidden\n", path);
-		errno = EACCES;
+		errno = ENOENT;
 		return -1;
 	}
 
@@ -921,7 +927,7 @@
 	if (!__darwintrace_is_in_sandbox(from, NULL)) {
 		/* outside sandbox, forbid */
 		debug_printf("renaming from %s was forbidden\n", from);
-		errno = EACCES;
+		errno = ENOENT;
 		return -1;
 	}
 	if (!__darwintrace_is_in_sandbox(to, NULL)) {
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-changes/attachments/20121203/ebf081b7/attachment.html>


More information about the macports-changes mailing list