-
Notifications
You must be signed in to change notification settings - Fork 0
/
libchmod.c
61 lines (50 loc) · 1.61 KB
/
libchmod.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
/* Matija Nalis, mnalis-libchmod@voyager.hr, 2013 released under LGPLv3+ */
/* this essentially implements umask()-alike restrictions on chmod(2), fchmod(2) and fchmodat(2)
Use it to limit effects of 'SITE CHMOD' in vsftpd(8), for example (allow chmod 644, but not 777)
by doing "LD_PRELOAD=/usr/local/lib/libchmod.so vsftpd"
v1.1, 2013-01-16
*/
#define _GNU_SOURCE
#include <sys/stat.h>
#include <errno.h>
#include <dlfcn.h>
#define FORCE_UMASK (S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH) /* disable group and world writeable files, as well as SUID/SGID etc. special flags */
/*
* given mode, mask it with forced umask (removing group and others writeable bits)
*/
mode_t fix_mode(mode_t mode)
{
mode_t new_mode;
new_mode = mode & (FORCE_UMASK);
return (new_mode);
}
int chmod(const char *path, mode_t mode)
{
int (*libc_chmod)(const char *path, mode_t mode);
*(void **)(&libc_chmod) = dlsym(RTLD_NEXT, "chmod");
if(dlerror()) {
errno = EPERM;
return -1;
}
return (*libc_chmod)(path, fix_mode(mode));
}
int fchmod(int fd, mode_t mode)
{
int (*libc_fchmod)(int fd, mode_t mode);
*(void **)(&libc_fchmod) = dlsym(RTLD_NEXT, "fchmod");
if(dlerror()) {
errno = EPERM;
return -1;
}
return (*libc_fchmod)(fd, fix_mode(mode));
}
int fchmodat(int dirfd, const char *pathname, mode_t mode, int flags)
{
int (*libc_fchmodat)(int dirfd, const char *pathname, mode_t mode, int flags);
*(void **)(&libc_fchmodat) = dlsym(RTLD_NEXT, "fchmodat");
if(dlerror()) {
errno = EPERM;
return -1;
}
return (*libc_fchmodat)(dirfd, pathname, fix_mode(mode), flags);
}