1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// The following is duplicated from base/linux_utils.cc.
// We shouldn't link against C++ code in a setuid binary.
#include "linux_util.h"
#include <dirent.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
// expected prefix of the target of the /proc/self/fd/%d link for a socket
static const char kSocketLinkPrefix[] = "socket:[";
// Parse a symlink in /proc/pid/fd/$x and return the inode number of the
// socket.
// inode_out: (output) set to the inode number on success
// path: e.g. /proc/1234/fd/5 (must be a UNIX domain socket descriptor)
static bool ProcPathGetInode(ino_t* inode_out, const char* path) {
char buf[256];
const ssize_t n = readlink(path, buf, sizeof(buf) - 1);
if (n == -1)
return false;
buf[n] = 0;
if (memcmp(kSocketLinkPrefix, buf, sizeof(kSocketLinkPrefix) - 1))
return false;
char *endptr;
const unsigned long long int inode_ul =
strtoull(buf + sizeof(kSocketLinkPrefix) - 1, &endptr, 10);
if (*endptr != ']')
return false;
if (inode_ul == ULLONG_MAX)
return false;
*inode_out = inode_ul;
return true;
}
bool FindProcessHoldingSocket(pid_t* pid_out, ino_t socket_inode) {
bool already_found = false;
DIR* proc = opendir("/proc");
if (!proc)
return false;
const uid_t uid = getuid();
struct dirent* dent;
while ((dent = readdir(proc))) {
char *endptr;
const unsigned long int pid_ul = strtoul(dent->d_name, &endptr, 10);
if (pid_ul == ULONG_MAX || *endptr)
continue;
// We have this setuid code here because the zygote and its children have
// /proc/$pid/fd owned by root. While scanning through /proc, we add this
// extra check so users cannot accidentally gain information about other
// users' processes. To determine process ownership, we use the property
// that if user foo owns process N, then /proc/N is owned by foo.
{
char buf[256];
struct stat statbuf;
snprintf(buf, sizeof(buf), "/proc/%lu", pid_ul);
if (stat(buf, &statbuf) < 0)
continue;
if (uid != statbuf.st_uid)
continue;
}
char buf[256];
snprintf(buf, sizeof(buf), "/proc/%lu/fd", pid_ul);
DIR* fd = opendir(buf);
if (!fd)
continue;
while ((dent = readdir(fd))) {
int printed = snprintf(buf, sizeof(buf), "/proc/%lu/fd/%s", pid_ul,
dent->d_name);
if (printed < 0 || printed >= (int)(sizeof(buf) - 1)) {
continue;
}
ino_t fd_inode;
if (ProcPathGetInode(&fd_inode, buf)) {
if (fd_inode == socket_inode) {
if (already_found) {
closedir(fd);
closedir(proc);
return false;
}
already_found = true;
*pid_out = pid_ul;
break;
}
}
}
closedir(fd);
}
closedir(proc);
return already_found;
}
|
