FreeBSD Bugzilla – Attachment 210141 Details for
Bug 241684
autofs: no way to have permissions other than 755 for automounted media
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Generalized default options hack
mount.diff (text/plain), 3.79 KB, created by
Jason W. Bacon
on 2019-12-22 15:16:05 UTC
(
hide
)
Description:
Generalized default options hack
Filename:
MIME Type:
Creator:
Jason W. Bacon
Created:
2019-12-22 15:16:05 UTC
Size:
3.79 KB
patch
obsolete
>--- mount/getmntopts.c.orig 2019-12-21 19:19:51.288176000 -0600 >+++ mount/getmntopts.c 2019-12-22 09:02:16.990651000 -0600 >@@ -48,6 +48,7 @@ > #include <stdio.h> > #include <stdlib.h> > #include <string.h> >+#include <sysexits.h> > > #include "mntopts.h" > >@@ -196,4 +197,86 @@ > for (i = 0; i < *iovlen; i++) > free((*iov)[i].iov_base); > free(*iov); >+} >+ >+ >+int >+secure_conf(const char *filename, struct stat *sb, char *argv[]) >+ >+{ >+ int status; >+ >+ if ( (status = stat(filename, sb)) != -1 ) >+ { >+ if ( (sb->st_uid != 0) || (sb->st_gid != 0) ) >+ { >+ fprintf(stderr, "%s: Security issue: %s must be owned by root/wheel!\n", argv[0], MOPT_CONF_FILE); >+ exit(EX_OSFILE); >+ } >+ if ( sb->st_mode &(S_IWGRP|S_IWOTH) ) >+ { >+ fprintf(stderr, "%s: Security issue: %s cannot be group or world writable!\n", argv[0], MOPT_CONF_FILE); >+ exit(EX_OSFILE); >+ } >+ } >+ return status; >+} >+ >+ >+/* >+ * Copy argv to new_argv, inserting additional arguments from >+ * MOPT_CONF_FILE. Return the number of arguments added. >+ */ >+ >+int >+insert_default_args(int argc, char *argv[], char *new_argv[ARG_MAX], >+ const char *fstype) >+ >+{ >+ int c, new_args = 0; >+ FILE *fp; >+ char *confp = NULL, *tok = NULL, buff[MOPT_FLAGS_MAX + 1], *p; >+ struct stat sb; >+ >+ /* Insert flags from conf before argv[1] */ >+ if ( secure_conf(MOPT_CONF_FILE, &sb, argv) != -1 ) >+ { >+ new_argv[0] = argv[0]; >+ /* OK if conf file does not exist */ >+ if ( (fp = fopen(MOPT_CONF_FILE, "r")) == NULL ) >+ return 0; >+ while ( fgets(buff, MOPT_FLAGS_MAX, fp) != NULL ) >+ { >+ p = buff + strlen(buff) - 1; >+ /* Ignore bad conf file, return original argv */ >+ if ( *p != '\n' ) >+ { >+ fprintf(stderr, "%s: %s: Max line length is %u.\n", >+ argv[0], MOPT_CONF_FILE, MOPT_FLAGS_MAX); >+ for (c = 0; c <= argc; ++c) >+ new_argv[c] = argv[c]; >+ return 0; >+ } >+ *p = '\0'; >+ confp = buff; >+ tok = strsep(&confp, " \t"); >+ if ( strcmp(tok, fstype) == 0 ) >+ { >+ fputs("Found msdosfs conf.\n", stderr); >+ for (new_args = 0; >+ (tok = strsep(&confp, " \t")) != NULL; >+ ++new_args) >+ { >+ new_argv[new_args + 1] = strdup(tok); >+ } >+ for (c = 1; c <= argc; ++c) >+ new_argv[c + new_args] = argv[c]; >+ for (c = 0; c <= argc + new_args; ++c) >+ printf("new_argv[%u] = %s\n", >+ c, new_argv[c]); >+ } >+ } >+ fclose(fp); >+ } >+ return new_args; > } >--- mount/mntopts.h.orig 2019-12-21 19:19:33.147832000 -0600 >+++ mount/mntopts.h 2019-12-22 09:01:32.108451000 -0600 >@@ -95,6 +95,11 @@ > MOPT_NFS4ACLS, \ > MOPT_AUTOMOUNTED > >+#define MOPT_CONF_FILE "/etc/mount_defaults.conf" >+#define MOPT_FLAGS_MAX 1024 >+ >+int secure_conf(const char *filename, struct stat *sb, char *argv[]); >+int insert_default_args(int argc, char *argv[], char *new_argv[ARG_MAX], const char *fstype); > void getmntopts(const char *, const struct mntopt *, int *, int *); > void rmslashes(char *, char *); > int checkpath(const char *, char resolved_path[]); >--- mount_msdosfs/mount_msdosfs.c.orig 2019-12-14 09:06:44.488687000 -0600 >+++ mount_msdosfs/mount_msdosfs.c 2019-12-22 08:48:13.255580000 -0600 >@@ -80,10 +80,12 @@ > mode_t mask = 0, dirmask = 0; > uid_t uid = 0; > gid_t gid = 0; >+ char *new_argv[ARG_MAX]; > > set_gid = set_uid = set_mask = set_dirmask = 0; > >- while ((c = getopt(argc, argv, "sl9u:g:m:M:o:L:D:W:")) != -1) { >+ argc += insert_default_args(argc, argv, new_argv, fstype); >+ while ((c = getopt(argc, new_argv, "sl9u:g:m:M:o:L:D:W:")) != -1) { > switch (c) { > case 's': > build_iovec(&iov, &iovlen, "shortnames", NULL, (size_t)-1); >@@ -176,8 +178,8 @@ > set_mask = 1; > } > >- dev = argv[optind]; >- dir = argv[optind + 1]; >+ dev = new_argv[optind]; >+ dir = new_argv[optind + 1]; > > if (cs_local != NULL) { > if (set_charset(&iov, &iovlen, cs_local, cs_dos) == -1) >@@ -227,7 +229,7 @@ > err(1, "%s", dev); > } > >- exit (0); >+ exit (EX_OK); > } > > gid_t
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=210141">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 241684
:
209942
|
209943
| 210141 |
210468
|
210469
|
210470