From 2c7d1ce088ba9b588652f58616eb2a8d7748ca88 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Sat, 16 Oct 2021 06:15:05 +0200
Subject: [PATCH] passt: Static builds: don't redefine __vsyslog(), skip getpwnam() and initgroups()
Signed-off-by: Stefano Brivio
---
 Makefile | 2 +-
 conf.c | 3 ++-
 passt.c | 15 ++++++++++-----
 util.c | 11 +++++++----
 util.h | 2 +-
 5 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/Makefile b/Makefile
index 26b6840..0697b53 100644
--- a/Makefile
+++ b/Makefile
@@ -11,7 +11,7 @@ all: passt pasta passt4netns qrap
 avx2: CFLAGS += -Ofast -mavx2 -ftree-vectorize -funroll-loops
 avx2: clean all
-static: CFLAGS += -static
+static: CFLAGS += -static -DGLIBC_NO_STATIC_NSS
 static: clean all
 seccomp.h: *.c $(filter-out seccomp.h,$(wildcard *.h))
diff --git a/conf.c b/conf.c
index b91d09b..4287630 100644
--- a/conf.c
+++ b/conf.c
@@ -293,7 +293,8 @@ static void get_dns(struct ctx *c)
 if ((fd = open("/etc/resolv.conf", O_RDONLY)) < 0)
 goto out;
- while (!(*buf = 0) && line_read(buf, BUFSIZ, fd)) {
+ *buf = 0;
+ while (line_read(buf, BUFSIZ, fd)) {
 if (!dns_set && strstr(buf, "nameserver ") == buf) {
 p = strrchr(buf, ' ');
 if (!p)
diff --git a/passt.c b/passt.c
index 3e45095..6878668 100644
--- a/passt.c
+++ b/passt.c
@@ -212,17 +212,22 @@ static void check_root(void)
 close(fd);
 fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
+#ifndef GLIBC_NO_STATIC_NSS
 pw = getpwnam("nobody");
 if (!pw) {
 perror("getpwnam");
 exit(EXIT_FAILURE);
 }
- if (initgroups(pw->pw_name, pw->pw_gid) ||
- setgid(pw->pw_gid) || setuid(pw->pw_uid)) {
- fprintf(stderr, "Can't change to user/group nobody, exiting");
- exit(EXIT_FAILURE);
- }
+ if (!initgroups(pw->pw_name, pw->pw_gid) &&
+ !setgid(pw->pw_gid) && !setuid(pw->pw_uid))
+ return;
+#else
+ (void)pw;
+#endif
+
+ fprintf(stderr, "Can't change to user/group nobody, exiting");
+ exit(EXIT_FAILURE);
 }
 /**
diff --git a/util.c b/util.c
index 016749c..56b256d 100644
--- a/util.c
+++ b/util.c
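Review bot: The single `*buf = 0;` ahead of the `while` in get_dns() deserves a comment, because the loop now relies on line_read() keeping its position inside `buf` between calls instead of starting from an emptied buffer on every iteration. Something like `/* Empty buffer: first line_read() call reads from fd, later calls resume in buf */` would do, assuming that is the helper's contract (only part of its body is visible in this patch). It would also warn anyone editing the loop body not to modify `buf` in place, since that would presumably shift where the next call resumes. get_dns() starts and ends outside the hunk.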
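Review bot: In the `#else` branch of check_root() a static build run as root prints "Changing to nobody..." and then the generic "Can't change to user/group nobody, exiting", which hides the fact that privilege dropping is compiled out. Refusing to continue as root is the right fail-closed behaviour, but the branch should say why, for instance `fprintf(stderr, "Static build: no user lookup, refusing to run as root\n");` before the `exit()`, with the "Changing to nobody..." line moved inside the `#ifndef`. The shared failure message also lacks a trailing `\n`, and on the non-static path it does not tell which of initgroups(), setgid() or setuid() failed, so a `perror()` there would help. check_root() begins above the hunk.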
@@ -37,7 +37,7 @@
 #include "util.h"
 #include "passt.h"
-/* For __openlog() and __setlogmask() wrappers, and __vsyslog() (replacement) */
+/* For __openlog() and __setlogmask() wrappers, and passt_vsyslog() */
 static int log_mask;
 static int log_sock = -1;
 static char log_ident[BUFSIZ];
@@ -56,7 +56,7 @@ void name(const char *format, ...) { \
 tp.tv_nsec / (100 * 1000)); \
 } else { \
 va_start(args, format); \
- __vsyslog(level, format, args); \
+ passt_vsyslog(level, format, args); \
 va_end(args); \
 } \
 \
@@ -121,12 +121,12 @@ void __setlogmask(int mask)
 }
 /**
- * __vsyslog() - vsyslog() implementation not using heap memory
+ * passt_vsyslog() - vsyslog() implementation not using heap memory
  * @pri: Facility and level map, same as priority for vsyslog()
  * @format: Same as vsyslog() format
  * @ap: Same as vsyslog() ap
  */
-void __vsyslog(int pri, const char *format, va_list ap)
+void passt_vsyslog(int pri, const char *format, va_list ap)
 {
 char buf[BUFSIZ];
 int n;
@@ -389,6 +389,9 @@ char *line_read(char *buf, size_t len, int fd)
 p = buf + strlen(buf) + 1;
+ while (*p == '\n' && strlen(p) && (size_t)(p - buf) < len)
+ p++;
+
 if (!(nl = strchr(p, '\n')))
 return NULL;
 *nl = 0;
diff --git a/util.h b/util.h
index a2ed791..d5bff0c 100644
--- a/util.h
+++ b/util.h
@@ -147,7 +147,7 @@ enum bind_type {
 struct ctx;
 void __openlog(const char *ident, int option, int facility);
-void __vsyslog(int pri, const char *fmt, va_list ap);
+void passt_vsyslog(int pri, const char *fmt, va_list ap);
 void __setlogmask(int mask);
 char *ipv6_l4hdr(struct ipv6hdr *ip6h, uint8_t *proto);
 int sock_l4(struct ctx *c, int af, uint8_t proto, uint16_t port,
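Review bot: The added `while` in line_read() dereferences `p` before it checks the bound: `*p == '\n'` and `strlen(p)` are evaluated first and `(size_t)(p - buf) < len` last, while `p` starts at `buf + strlen(buf) + 1`, which can already be at or past `buf + len` when the previous string ends at the end of the buffer. Put the range test first and drop the `strlen(p)` term, which is always non-zero once `*p == '\n'` holds: `while ((size_t)(p - buf) < len && *p == '\n')`. The `strchr(p, '\n')` that follows has the same exposure if `p` ends up at `buf + len`, so an explicit `if ((size_t)(p - buf) >= len) return NULL;` after the loop would be safer, unless the part of the function outside this hunk guarantees a terminator there. line_read() starts and ends outside the hunk.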