| author | namilsk <namilsk@namilsk.tech> | 2026-01-10 22:30:03 +0300 |
|---|---|---|
| committer | namilsk <namilsk@namilsk.tech> | 2026-01-10 22:30:03 +0300 |
| commit | 821380613075ac91410644cb9fed900ab6a1df61 (patch) | |
| tree | 959cbb84acc9e0e592652483eeac73788ef366a9 | |
| parent | df2a2b696d5fa70b630779940aed7a3ee33eaee8 (diff) | |
Fixed some security issues and the `.wait()?` call for `udev`. Fixed one panic possibility and started implementing zombie-process reaping functionality
| -rw-r--r-- | init/src/mounts/fstab.rs | 23 | ||||
| -rw-r--r-- | init/src/mounts/rescue.rs | 46 | ||||
| -rw-r--r-- | init/src/processes/udev.rs | 4 |
3 files changed, 65 insertions, 8 deletions
diff --git a/init/src/mounts/fstab.rs b/init/src/mounts/fstab.rs
index b8708e2..4d9b474 100644
--- a/init/src/mounts/fstab.rs
+++ b/init/src/mounts/fstab.rs
@@ -1,6 +1,8 @@
 use crate::log::{log_critical_error, log_success, log_warning};
 use libc::syscall;
 use std::ffi::CString;
+use std::fs::{create_dir, metadata};
+use std::os::unix::fs::MetadataExt;
 use std::{fmt, fs};
 
 #[derive(Debug)]
@@ -114,7 +116,28 @@ impl FstabEntry {
         Ok((flags, data))
     }
 
+    fn check_mount_point_permissions(path: &str) -> Result<(), Box<dyn std::error::Error>> {
+        if !std::path::Path::new(path).exists() {
+            create_dir(path)?;
+        }
+
+        let meta = metadata(path)?;
+        if !meta.is_dir() {
+            return Err(format!("Mount point {} is not a directory", path).into());
+        }
+        let uid = meta.uid();
+        if uid != 0 {
+            log_warning(&format!("Warning: Mount point {} not owned by root", path));
+        }
+
+        Ok(())
+    }
+
     pub fn mount(&self) -> Result<(), Box<dyn std::error::Error>> {
+        if let Err(e) = Self::check_mount_point_permissions(&self.mountpoint) {
+            log_warning(&format!("Permission check failed for {}: {}", self.mountpoint, e));
+        }
+
         log_success(&format!(
             "Started mounting {} from {}",
             self.mountpoint, self.source
diff --git a/init/src/mounts/rescue.rs b/init/src/mounts/rescue.rs
index 078984d..2238297 100644
--- a/init/src/mounts/rescue.rs
+++ b/init/src/mounts/rescue.rs
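Review bot: `check_mount_point_permissions` in the second hunk can be bypassed with a symlink and races with itself: `Path::exists()` followed by `create_dir` is a check-then-act window, and both `exists()` and `metadata()` follow links, so a symlink planted at the mount point passes `is_dir()` and has its uid checked on the link target rather than on the path being mounted over. In `mount` the helper's result is then only passed to `log_warning`, so a non-directory or non-root-owned mount point is still mounted over; for an init applying fstab that should fail closed. Create the directory unconditionally and treat only `AlreadyExists` as success, inspect it with `fs::symlink_metadata` (the `fs` import is already in scope; the new `metadata` import then becomes unused), refuse symlinks, and propagate the error in `mount` with `?`. Whether a non-root owner should be fatal rather than a warning is a policy call I have left as the commit has it, but it deserves a comment stating that choice. The enclosing `impl FstabEntry` and the rest of `mount`'s body lie outside the hunk.
```rust
    /// Ensure `path` exists and is a plain (non-symlink) directory before mounting on it.
    /// A non-root owner is logged but, as in the original, not treated as fatal.
    fn check_mount_point_permissions(path: &str) -> Result<(), Box<dyn std::error::Error>> {
        // Create first and tolerate AlreadyExists: exists()-then-create is a TOCTOU window.
        match create_dir(path) {
            Ok(()) => {}
            Err(e) if e.kind() == std::io::ErrorKind::AlreadyExists => {}
            Err(e) => return Err(e.into()),
        }

        // symlink_metadata does not follow links, so a symlink at the mount point is
        // rejected instead of being checked through to whatever it points at.
        let meta = fs::symlink_metadata(path)?;
        if meta.file_type().is_symlink() {
            return Err(format!("Mount point {} is a symlink", path).into());
        }
        if !meta.is_dir() {
            return Err(format!("Mount point {} is not a directory", path).into());
        }
        if meta.uid() != 0 {
            log_warning(&format!("Warning: Mount point {} not owned by root", path));
        }

        Ok(())
    }

    pub fn mount(&self) -> Result<(), Box<dyn std::error::Error>> {
        // Fail closed: never mount over something that is not a real directory.
        Self::check_mount_point_permissions(&self.mountpoint)?;
        // … unchanged: log_success and the mount call that follows …
```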
@@ -1,6 +1,29 @@
-use crate::log::log_success;
+use crate::log::{log_success, log_warning};
 use std::ffi::CString;
-use std::fs::create_dir;
+use std::fs::{create_dir, metadata};
+use std::os::unix::fs::MetadataExt;
+
+fn check_mount_point_permissions(path: &str) -> Result<(), Box<dyn std::error::Error>> {
+    if !std::path::Path::new(path).exists() {
+        create_dir(path)?;
+    }
+
+    let meta = metadata(path)?;
+
+    if !meta.is_dir() {
+        return Err(format!("Mount point {} is not a directory", path).into());
+    }
+
+    // TODO
+    // let mode = meta.mode();
+
+    let uid = meta.uid();
+    if uid != 0 {
+        log_warning(&format!("Warning: Mount point {} not owned by root", path));
+    }
+
+    Ok(())
+}
 
 pub fn mount_system() -> Result<(), Box<dyn std::error::Error>> {
     let mounts: &[(&str, &str, Option<&str>)] = &[
@@ -13,11 +36,24 @@ pub fn mount_system() -> Result<(), Box<dyn std::error::Error>> {
     unsafe {
         for &(target, fstype, source) in mounts {
+            if let Err(e) = check_mount_point_permissions(target) {
+                log_warning(&format!("Permission check failed for {}: {}", target, e));
+            }
+
             let target_c = CString::new(target)?;
             let fstype_c = CString::new(fstype)?;
-            let source_c = source.map(|s| CString::new(s).unwrap());
-
-            let _ = create_dir(target);
+            // let source_c = source.map(|s| CString::new(s).map_err(|e| ));
+            let source_c = match source {
+                Some(s) => match CString::new(s) {
+                    Ok(c_string) => Some(c_string),
+                    Err(null_err) => {
+                        log_warning(&format!("Source string contains NULL bytes (\\0), skipping: {}", null_err));
+                        continue;
+                    }
+                },
+                None => None
+            };
+
             let source_ptr = source_c.as_ref().map_or(std::ptr::null(), |s| s.as_ptr());
diff --git a/init/src/processes/udev.rs b/init/src/processes/udev.rs
index 7cb6a5d..9979f30 100644
--- a/init/src/processes/udev.rs
+++ b/init/src/processes/udev.rs
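Review bot: The `check_mount_point_permissions` added in the first hunk follows symlinks — `Path::exists()` and `metadata()` both resolve links — so a symlink at a rescue mount target passes the `is_dir()` test and the uid check is performed on whatever the link points to, and `exists()` followed by `create_dir` is a check-then-create race on top of that. Use `let meta = std::fs::symlink_metadata(path)?;` and reject `meta.file_type().is_symlink()` before the directory test, and call `create_dir` unconditionally, treating only `std::io::ErrorKind::AlreadyExists` as success. The commented-out `// let mode = meta.mode();` TODO is the missing half of the check: with `MetadataExt` already imported, `if meta.mode() & 0o022 != 0 { log_warning(&format!("Mount point {} is group/world-writable", path)); }` is a one-liner. This helper is the same code added to fstab.rs as an associated function; one shared `pub(crate)` version would keep both fixes in one place, with a doc comment such as `/// Ensure `path` is an existing, root-owned plain directory before mounting on it.`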
@@ -15,12 +15,10 @@ pub fn spawn_udev() -> Result<(), Box<dyn std::error::Error>> {
             "udevd not found in standard locations".into()
         })?;
 
-    let mut child = Command::new(udevd_path).arg("--daemon").spawn().map_err(
+    Command::new(udevd_path).arg("--daemon").spawn().map_err(
         |e| -> Box<dyn std::error::Error> { format!("Failed to spawn udevd: {}", e).into() },
     )?;
 
-    child.wait()?;
-
     Command::new(udevd_path).arg("--trigger").output().map_err(
         |e| -> Box<dyn std::error::Error> { format!("Failed to trigger udev: {}", e).into() },
     )?;
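Review bot: Dropping `child.wait()?` removes the only synchronization between starting udevd and running `--trigger` on the following line, and since this code runs as PID 1 it also leaves the `--daemon` front-end process as a zombie until the reaper the commit message says is only being started exists. If `udevd --daemon` detaches only after it has initialized (as systemd-udevd and eudev do), waiting on the direct child is cheap and is exactly the readiness signal needed before triggering; if the wait was removed because it never returned, the binary is not actually daemonizing and that is the thing to investigate. Keep the wait and check its result: `let status = Command::new(udevd_path).arg("--daemon").spawn().map_err(…)?.wait()?;` followed by `if !status.success() { return Err(format!("udevd --daemon exited with {}", status).into()); }`. Separately, `--trigger` is an `udevadm` subcommand rather than a `udevd` flag on the udev implementations I know of, so it is worth confirming against the binary found at `udevd_path`; the `output()` exit status on that line is also never examined, though that line is unchanged here. `spawn_udev` begins outside the hunk.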
