From 298e1a85181102bde3aed73f73a34fe81f7de66a Mon Sep 17 00:00:00 2001 From: Stef Walter Date: Wed, 19 May 2004 16:35:30 +0000 Subject: Create /dev/null before opening kernel interfaces if it doesn't exist --- srcx/jps.c | 198 ++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 103 insertions(+), 95 deletions(-) (limited to 'srcx/jps.c') diff --git a/srcx/jps.c b/srcx/jps.c index c34aa41..6f8e4db 100644 --- a/srcx/jps.c +++ b/srcx/jps.c @@ -61,117 +61,125 @@ static void run_jail_ps(int argc, char* argv[]); int main(int argc, char* argv[]) { - int ch = 0; - int simple = 0; - int jid = 0; - - while((ch = getopt(argc, argv, "i")) != -1) - { - switch(ch) - { - case 'i': - simple = 1; - break; - - case '?': - default: - usage(); - } - } - - argc -= optind; - argv += optind; - - /* Make sure we have a jail name or id */ - if(argc == 0) - usage(); - - if(running_in_jail()) - errx(1, "can't run from inside jail"); - - /* Translate the jail name into an id if neccessary */ - jid = translate_jail_name(argv[0]); - if(jid == -1) - errx(1, "unknown jail host name: %s", argv[0]); - - argc--; - argv++; - - /* Go into the jail */ - if(jail_attach(jid) == -1) - err(1, "couldn't attach to jail"); - - if(simple) - { - if(argc > 0) - usage(); - - print_jail_ids(); - } - - else - { - /* This function never returns */ - run_jail_ps(argc, argv); - } - - return 0; + int ch = 0; + int simple = 0; + int jid = 0; + + while((ch = getopt(argc, argv, "i")) != -1) + { + switch(ch) + { + case 'i': + simple = 1; + break; + + case '?': + default: + usage(); + } + } + + argc -= optind; + argv += optind; + + /* Make sure we have a jail name or id */ + if(argc == 0) + usage(); + + if(running_in_jail()) + errx(1, "can't run from inside jail"); + + /* Translate the jail name into an id if neccessary */ + jid = translate_jail_name(argv[0]); + if(jid == -1) + errx(1, "unknown jail host name: %s", argv[0]); + + argc--; + argv++; + + /* Go into the jail */ + if(jail_attach(jid) == -1) + err(1, "couldn't attach to jail"); + + if(simple) + { + if(argc > 0) + usage(); + + print_jail_ids(); + } + + else + { + /* This function never returns */ + run_jail_ps(argc, argv); + } + + return 0; } static void usage() { - fprintf(stderr, "usage: jps [-i] jail [ ps_options ... ]\n"); - exit(2); + fprintf(stderr, "usage: jps [-i] jail [ ps_options ... ]\n"); + exit(2); } static void run_jail_ps(int argc, char* argv[]) { - char** args; - int i; + char errbuf[_POSIX2_LINE_MAX]; + char** args; + kvm_t kd; + int i; - if(!check_jail_command(NULL, "/bin/ps")) - exit(1); + if(!check_jail_command(NULL, "/bin/ps")) + exit(1); - /* - * TODO: We need to purge down the environment here. - * If the jail is in any way malicious or compromised - * then it could have replaced /bin/ps which we run... - */ + /* Make sure we can use kvm functionality here */ + kd = open_kvm_handle(NULL, errbuf); + if(kd == NULL) + errx(1, "couldn't connect to kernel: %s", errbuf); - args = (char**)alloca(sizeof(char*) * (argc + 2)); - args[0] = "ps"; + kvm_close(kd); - for(i = 0; i < argc; i++) - args[i + 1] = argv[i]; + /* + * TODO: We need to purge down the environment here. + * If the jail is in any way malicious or compromised + * then it could have replaced /bin/ps which we run... + */ - args[i + 1] = NULL; + args = (char**)alloca(sizeof(char*) * (argc + 2)); + args[0] = "ps"; - run_jail_command(NULL, "/bin/ps", args, JAIL_RUN_NOFORK); + for(i = 0; i < argc; i++) + args[i + 1] = argv[i]; + + args[i + 1] = NULL; + + run_jail_command(NULL, "/bin/ps", args, JAIL_RUN_NOFORK); } static void print_jail_ids() { - kvm_t* kd; - int nentries, i; - struct kinfo_proc* kp; - char errbuf[_POSIX2_LINE_MAX]; - - /* Open kernel interface */ - kd = kvm_openfiles(_PATH_DEVNULL, _PATH_DEVNULL, NULL, O_RDONLY, errbuf); - if(kd == NULL) - errx(1, "couldn't connect to kernel: %s", errbuf); - - /* Get all processes and print the pids */ - if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) - errx(1, "couldn't list processes: %s", kvm_geterr(kd)); - - for(i = 0; i < nentries; i++) - { - if(kp[i].ki_pid != getpid()) - printf("%d ", (int)(kp[i].ki_pid)); - } - - fputc('\n', stdout); - kvm_close(kd); + kvm_t* kd; + int nentries, i; + struct kinfo_proc* kp; + char errbuf[_POSIX2_LINE_MAX]; + + /* Open kernel interface */ + kd = open_kvm_handle(NULL, errbuf); + if(kd == NULL) + errx(1, "couldn't connect to kernel: %s", errbuf); + + /* Get all processes and print the pids */ + if((kp = kvm_getprocs(kd, KERN_PROC_ALL, 0, &nentries)) == 0) + errx(1, "couldn't list processes: %s", kvm_geterr(kd)); + + for(i = 0; i < nentries; i++) + { + if(kp[i].ki_pid != getpid()) + printf("%d ", (int)(kp[i].ki_pid)); + } + + fputc('\n', stdout); + kvm_close(kd); } - -- cgit v1.2.3