
Secure promiscuous mode for linux futexes

Adjusts the permissions of linux futexes when promiscuous mode is enabled.
tags/v1.9.12
Cédric Schieli 8 years ago
parent
commit
5d89eba8c7
2 changed files with 19 additions and 3 deletions
  1. +16
    -1
      linux/JackLinuxFutex.cpp
  2. +3
    -2
      linux/JackLinuxFutex.h

+ 16
- 1
linux/JackLinuxFutex.cpp

@@ -22,6 +22,7 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#include "JackTools.h"
#include "JackConstants.h"
#include "JackError.h"
#include "promiscuous.h"
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
@@ -31,11 +32,18 @@ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
namespace Jack
{

JackLinuxFutex::JackLinuxFutex() : JackSynchro(), fSharedMem(-1), fFutex(NULL), fPrivate(false)
{
const char* promiscuous = getenv("JACK_PROMISCUOUS_SERVER");
fPromiscuous = (promiscuous != NULL);
fPromiscuousGid = jack_group2gid(promiscuous);
}

void JackLinuxFutex::BuildName(const char* client_name, const char* server_name, char* res, int size)
{
char ext_client_name[SYNC_MAX_NAME_SIZE + 1];
JackTools::RewriteName(client_name, ext_client_name);
if (getenv("JACK_PROMISCUOUS_SERVER")) {
if (fPromiscuous) {
snprintf(res, size, "jack_sem.%s_%s", server_name, ext_client_name);
} else {
snprintf(res, size, "jack_sem.%d_%s_%s", JackTools::GetUID(), server_name, ext_client_name);
@@ -132,6 +140,13 @@ bool JackLinuxFutex::Allocate(const char* name, const char* server_name, int val

ftruncate(fSharedMem, sizeof(FutexData));

if (fPromiscuous && (jack_promiscuous_perms(fSharedMem, fName, fPromiscuousGid) < 0)) {
close(fSharedMem);
fSharedMem = -1;
shm_unlink(fName);
return false;
}

if ((fFutex = (FutexData*)mmap(NULL, sizeof(FutexData), PROT_READ|PROT_WRITE, MAP_SHARED|MAP_LOCKED, fSharedMem, 0)) == NULL) {
jack_error("Allocate: can't check in named futex name = %s err = %s", fName, strerror(errno));
close(fSharedMem);
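Review bot: In the new constructor, `jack_group2gid(promiscuous)` runs even when JACK_PROMISCUOUS_SERVER is unset, so it receives a null pointer; that is safe only if the helper handles NULL, which is not visible on this page. Guarding the lookup removes that dependency, e.g. `fPromiscuousGid = fPromiscuous ? jack_group2gid(promiscuous) : -1;` (the `-1` is a placeholder for whatever "no group" value jack_promiscuous_perms expects). In Allocate, the new failure branch closes and unlinks the object and returns false, which fails closed, but it logs nothing, unlike the mmap branch right below it; a `jack_error("Allocate: can't set promiscuous permissions on named futex name = %s", fName);` before `close(fSharedMem)` would tell an operator why the futex was refused, unless the helper already logs. Allocate starts before and continues past this hunk, so how the object is opened is not visible here.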


+ 3
- 2
linux/JackLinuxFutex.h

@@ -53,6 +53,8 @@ class SERVER_EXPORT JackLinuxFutex : public detail::JackSynchro
int fSharedMem;
FutexData* fFutex;
bool fPrivate;
bool fPromiscuous;
int fPromiscuousGid;

protected:

@@ -60,8 +62,7 @@ class SERVER_EXPORT JackLinuxFutex : public detail::JackSynchro

public:

JackLinuxFutex():JackSynchro(), fSharedMem(-1), fFutex(NULL), fPrivate(false)
{}
JackLinuxFutex();

bool Signal();
bool SignalAll();
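Review bot: The new members `fPromiscuous` and `fPromiscuousGid` decide how the shared-memory object is named and, it appears, which group is applied to its permissions, but the header does not say where their values come from or what `fPromiscuousGid` holds when no group applies. A short comment on each would help, e.g. `// set once in the constructor from JACK_PROMISCUOUS_SERVER` and `// group resolved from that variable's value via jack_group2gid()`. The id is stored as `int`; if jack_group2gid returns a `gid_t` or uses a negative value for failure, that convention is worth stating here as well, since its declaration is not on this page.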

