authornamilsk <namilsk@namilsk.tech>2026-01-10 22:30:03 +0300
committernamilsk <namilsk@namilsk.tech>2026-01-10 22:30:03 +0300
commit821380613075ac91410644cb9fed900ab6a1df61 (patch)
tree959cbb84acc9e0e592652483eeac73788ef366a9 /init
parentdf2a2b696d5fa70b630779940aed7a3ee33eaee8 (diff)
Fixed some security issues and the `.wait()?` call for `udev`. Fixed one possible panic and started implementing zombie-process killing functionality
Diffstat (limited to 'init')
-rw-r--r--init/src/mounts/fstab.rs23
-rw-r--r--init/src/mounts/rescue.rs46
-rw-r--r--init/src/processes/udev.rs4
3 files changed, 65 insertions, 8 deletions
diff --git a/init/src/mounts/fstab.rs b/init/src/mounts/fstab.rs
index b8708e2..4d9b474 100644
--- a/init/src/mounts/fstab.rs
+++ b/init/src/mounts/fstab.rs
@@ -1,6 +1,8 @@
use crate::log::{log_critical_error, log_success, log_warning};
use libc::syscall;
use std::ffi::CString;
+use std::fs::{create_dir, metadata};
+use std::os::unix::fs::MetadataExt;
use std::{fmt, fs};
#[derive(Debug)]
@@ -114,7 +116,28 @@ impl FstabEntry {
Ok((flags, data))
}
+ fn check_mount_point_permissions(path: &str) -> Result<(), Box<dyn std::error::Error>> {
+ if !std::path::Path::new(path).exists() {
+ create_dir(path)?;
+ }
+
+ let meta = metadata(path)?;
+ if !meta.is_dir() {
+ return Err(format!("Mount point {} is not a directory", path).into());
+ }
+ let uid = meta.uid();
+ if uid != 0 {
+ log_warning(&format!("Warning: Mount point {} not owned by root", path));
+ }
+
+ Ok(())
+ }
+
pub fn mount(&self) -> Result<(), Box<dyn std::error::Error>> {
+ if let Err(e) = Self::check_mount_point_permissions(&self.mountpoint) {
+ log_warning(&format!("Permission check failed for {}: {}", self.mountpoint, e));
+ }
+
log_success(&format!(
"Started mounting {} from {}",
self.mountpoint, self.source
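Review bot: The result of `check_mount_point_permissions` is only logged in `mount` (the `if let Err(e) = Self::check_mount_point_permissions(...)` lines), so a mount point that could not be created or is not a directory still proceeds to the mount call that follows; if the check is meant to gate the mount, propagate it with `Self::check_mount_point_permissions(&self.mountpoint)?;`, otherwise a comment should state that it is advisory. `metadata(path)` follows symlinks, so a mount point that is a symlink to a directory passes the `is_dir()` test as its target; `std::fs::symlink_metadata` would let the helper reject or log symlinked mount points if that is the intent. The `Path::new(path).exists()` test followed by `create_dir(path)?` can be collapsed into one `create_dir` call whose `ErrorKind::AlreadyExists` is tolerated, which removes the window between the two calls. The same helper is added verbatim to init/src/mounts/rescue.rs in this commit, so a single `pub(crate)` copy would keep both call sites consistent. `mount`'s body continues past the end of the hunk.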
diff --git a/init/src/mounts/rescue.rs b/init/src/mounts/rescue.rs
index 078984d..2238297 100644
--- a/init/src/mounts/rescue.rs
+++ b/init/src/mounts/rescue.rs
@@ -1,6 +1,29 @@
-use crate::log::log_success;
+use crate::log::{log_success, log_warning};
use std::ffi::CString;
-use std::fs::create_dir;
+use std::fs::{create_dir, metadata};
+use std::os::unix::fs::MetadataExt;
+
+fn check_mount_point_permissions(path: &str) -> Result<(), Box<dyn std::error::Error>> {
+ if !std::path::Path::new(path).exists() {
+ create_dir(path)?;
+ }
+
+ let meta = metadata(path)?;
+
+ if !meta.is_dir() {
+ return Err(format!("Mount point {} is not a directory", path).into());
+ }
+
+ // TODO
+ // let mode = meta.mode();
+
+ let uid = meta.uid();
+ if uid != 0 {
+ log_warning(&format!("Warning: Mount point {} not owned by root", path));
+ }
+
+ Ok(())
+}
pub fn mount_system() -> Result<(), Box<dyn std::error::Error>> {
let mounts: &[(&str, &str, Option<&str>)] = &[
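Review bot: The `// TODO` / `// let mode = meta.mode();` lines in `check_mount_point_permissions` leave commented-out code in the new helper without saying what the mode check is supposed to enforce; either implement it or replace both lines with a comment that states the intent, e.g. `// TODO: inspect meta.mode() for group/world-writable bits before accepting the mount point`. The `"Warning: Mount point {} not owned by root"` message may double a prefix if `log_warning` already tags its output as a warning, which is not visible here. This helper is a copy of the one added to init/src/mounts/fstab.rs in the same commit; the fstab hunk carries the remarks on its symlink handling and the exists-then-create sequence. `mount_system` starts at the end of this hunk and continues past it.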
@@ -13,11 +36,24 @@ pub fn mount_system() -> Result<(), Box<dyn std::error::Error>> {
unsafe {
for &(target, fstype, source) in mounts {
+ if let Err(e) = check_mount_point_permissions(target) {
+ log_warning(&format!("Permission check failed for {}: {}", target, e));
+ }
+
let target_c = CString::new(target)?;
let fstype_c = CString::new(fstype)?;
- let source_c = source.map(|s| CString::new(s).unwrap());
-
- let _ = create_dir(target);
+ // let source_c = source.map(|s| CString::new(s).map_err(|e| ));
+ let source_c = match source {
+ Some(s) => match CString::new(s) {
+ Ok(c_string) => Some(c_string),
+ Err(null_err) => {
+ log_warning(&format!("Source string contains NULL bytes (\\0), skipping: {}", null_err));
+ continue;
+ }
+ },
+ None => None
+ };
+
let source_ptr = source_c.as_ref().map_or(std::ptr::null(), |s| s.as_ptr());
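Review bot: The NUL-byte handling for `source` diverges from the two lines just above it: `target_c` and `fstype_c` propagate a `NulError` with `?`, while `source_c` logs and `continue`s, which silently skips one of the rescue mounts and leaves the rest of the loop body with nothing to do for that entry. All three strings come from the same literal table, so the whole `match` can be the one-liner `let source_c = source.map(CString::new).transpose()?;`, matching the error handling of its neighbours. The commented-out `// let source_c = source.map(|s| CString::new(s).map_err(|e| ));` line should be dropped rather than committed. The `unsafe` block and the `for` loop both continue past the end of the hunk.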
diff --git a/init/src/processes/udev.rs b/init/src/processes/udev.rs
index 7cb6a5d..9979f30 100644
--- a/init/src/processes/udev.rs
+++ b/init/src/processes/udev.rs
@@ -15,12 +15,10 @@ pub fn spawn_udev() -> Result<(), Box<dyn std::error::Error>> {
"udevd not found in standard locations".into()
})?;
- let mut child = Command::new(udevd_path).arg("--daemon").spawn().map_err(
+ Command::new(udevd_path).arg("--daemon").spawn().map_err(
|e| -> Box<dyn std::error::Error> { format!("Failed to spawn udevd: {}", e).into() },
)?;
- child.wait()?;
-
Command::new(udevd_path).arg("--trigger").output().map_err(
|e| -> Box<dyn std::error::Error> { format!("Failed to trigger udev: {}", e).into() },
)?;
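Review bot: The `Child` returned by `spawn()` on the `Command::new(udevd_path).arg("--daemon")` line is dropped as soon as the statement ends, and with `child.wait()?` removed nothing reaps it; if udevd daemonizes by forking and letting its first process exit, that process remains a zombie in init's process table until the zombie handling the commit message describes as only started is in place. The removed `wait()` was also what ordered the `--trigger` call after the daemon had detached, so whether udevd is ready when `--trigger` runs now depends on the daemon's own behaviour, which the hunk does not document. A comment on the spawn line stating the assumption would make the change reviewable, e.g. `// udevd --daemon detaches on its own; the direct child is reaped by init's child-reaping, not here`, or the handle can be kept and polled with `try_wait()` once the reaper exists. `spawn_udev` starts before this hunk and likely continues past it.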