paxctld regular file check bug fix (patch included)

Post by damirv » Wed Jun 01, 2016 3:28 pm

Hi,

We have encountered some problems when using config files located in /etc/paxctld.d/ on some kernel/filesystem combinations. It turns out that checking
conf_file->d_type != DT_REG
is not that reliable, as some filesystems always return DT_UNKNOWN.

The following simple fix solves the problem for us:
---
 paxctld.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/paxctld.c b/paxctld.c
index 7934620..d2c75d0 100644
--- a/paxctld.c
+++ b/paxctld.c
@@ -471,12 +471,17 @@ int main(int argc, char *argv[])
       char tmppath[PATH_MAX];

       while ((conf_file = readdir(dir))) {
-         if (conf_file->d_name[0] == '.')
-            continue;
-         if (conf_file->d_type != DT_REG)
-            continue;
          strcpy(tmppath, DEFAULT_PAXCTLD_CONF_DIR "/");
          strncat(tmppath, conf_file->d_name, sizeof(tmppath)-1);
+         struct stat stbuf;
+         stat(tmppath, &stbuf);
+
+         if (!S_ISREG(stbuf.st_mode))
+            continue;
+
+         if (conf_file->d_name[0] == '.')
+            continue;
+
          parse_config(tmppath, &config);
       }
       closedir(dir);
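Review bot: the added stat(tmppath, &stbuf) call ignores its return value, so when it fails (entry removed after readdir, dangling symlink, EACCES) the following S_ISREG(stbuf.st_mode) reads an uninitialized struct; make it if (stat(tmppath, &stbuf) != 0) continue;. stat() also follows symlinks, so a link to a regular file is now parsed where the removed d_type != DT_REG test rejected it on filesystems that do fill in d_type; use lstat() if that widening is not intended. The d_name[0] == '.' test would be better left ahead of the strcpy/stat so that ".", ".." and dotfiles cost no syscall, and d_type could be kept as a fast path with stat only for DT_UNKNOWN. Unrelated to this change but visible in the context lines: strncat's third argument is the number of bytes to append, not the size of tmppath, so sizeof(tmppath)-1 does not bound the write once the directory prefix is already in the buffer.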
--


Kind regards,

Damir Vandic
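The DT_UNKNOWN problem described in the post, as an added example that is not part of the original post or of paxctld: the entry type is taken from d_type when the filesystem supplies it and from fstatat() when it does not, without following symlinks. The function names, the trust_dtype knob and the /tmp fixture are assumptions made for the demonstration.

```c
#define _DEFAULT_SOURCE 1 /* expose d_type and DT_* under strict -std= modes */
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Nonzero if e, read from the directory open on dfd, is a visible regular file.
 * trust_dtype=0 (demo knob, an assumption) emulates a DT_UNKNOWN-only filesystem. */
static int is_conf_entry(int dfd, const struct dirent *e, int trust_dtype)
{
    struct stat st;
    if (e->d_name[0] == '.')
        return 0;                    /* ".", ".." and dotfiles cost no syscall */
    if (trust_dtype && e->d_type != DT_UNKNOWN)
        return e->d_type == DT_REG;  /* the filesystem supplied the type */
    /* Fallback: a failed stat or a symlink (not followed) is skipped. */
    return !fstatat(dfd, e->d_name, &st, AT_SYMLINK_NOFOLLOW) && S_ISREG(st.st_mode);
}

/* Number of entries in path that would be parsed as config files, -1 on error. */
int count_conf_files(const char *path, int trust_dtype)
{
    DIR *dir = opendir(path);
    struct dirent *e;
    int n = 0;
    if (!dir)
        return -1;
    while ((e = readdir(dir)))
        n += is_conf_entry(dirfd(dir), e, trust_dtype);
    closedir(dir);
    return n;
}

/* Constructed sample directory: a.conf, sub/ and link.conf -> a.conf. */
int demo_count(int trust_dtype)
{
    char tmpl[] = "/tmp/dtype-demo-XXXXXX";
    int dfd, n = -1;
    if (!mkdtemp(tmpl) || (dfd = open(tmpl, O_RDONLY | O_DIRECTORY)) < 0)
        return -1;
    close(openat(dfd, "a.conf", O_CREAT | O_WRONLY, 0600));
    if (!mkdirat(dfd, "sub", 0700) && !symlinkat("a.conf", dfd, "link.conf"))
        n = count_conf_files(tmpl, trust_dtype);
    unlinkat(dfd, "a.conf", 0); unlinkat(dfd, "link.conf", 0);
    unlinkat(dfd, "sub", AT_REMOVEDIR);
    close(dfd);
    return rmdir(tmpl) == 0 ? n : -1;
}
```

Calling demo_count(0) forces the stat path for every entry, which is what a filesystem that only returns DT_UNKNOWN would trigger.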