J Reece Wilson
2ed05ce8dd
[*] Fixed stupid thread leak from a non-ipc semaphore being used under cow pages
249 lines
9.4 KiB
C++
249 lines
9.4 KiB
C++
/***
|
|
Copyright (C) 2021 J Reece Wilson (a/k/a "Reece"). All rights reserved.
|
|
|
|
File: AuOpen.Unix.cpp
|
|
Date: 2021-6-12
|
|
Author: Reece
|
|
***/
|
|
#include <RuntimeInternal.hpp>
|
|
#include "AuProcesses.hpp"
|
|
#include "AuOpen.Unix.hpp"
|
|
|
|
#include <unistd.h>
|
|
#include <Source/IO/FS/FS.hpp>
|
|
|
|
namespace Aurora::Processes
|
|
{
|
|
static void UnixOpenPartiallyBlocking(AuROString uri, int iType)
|
|
{
|
|
bool bDirExists {};
|
|
bool bFileExists {};
|
|
|
|
bFileExists = AuIOFS::FileExists(uri);
|
|
|
|
if (iType)
|
|
{
|
|
bDirExists = AuIOFS::DirExists(uri);
|
|
|
|
if (!bFileExists &&
|
|
!bDirExists)
|
|
{
|
|
SysPushErrorGeneric("Exploit attempt? Attempted to open non-existent file/directory. (request: {})", uri);
|
|
return;
|
|
}
|
|
|
|
if (bFileExists && !gRuntimeConfig.processesConfig.bBypassInternetBlockCheckOpenFile)
|
|
{
|
|
if (AuFS::IsFileBlocked(uri))
|
|
{
|
|
SysPushErrorGeneric("Exploit attempt? Attempted to open untrusted file/directory. (request: {})", uri);
|
|
return;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (bFileExists)
|
|
{
|
|
SysPushErrorGeneric("Exploit attempt? Attempted to open existing file/directory via URI ({})", uri);
|
|
return;
|
|
}
|
|
}
|
|
|
|
if constexpr (AuBuild::kIsXnuDerived)
|
|
{
|
|
// TODO: MacOS/iOS support
|
|
}
|
|
else
|
|
{
|
|
static AuInitOnce gInitOnce;
|
|
static bool gUseDShid {};
|
|
|
|
gInitOnce.Call([]()
|
|
{
|
|
auto optStringA = AuProcess::EnvironmentGetOne("container");
|
|
auto optStringB = AuProcess::EnvironmentGetOne("AURORA_RUNTIME_USE_GDBUS_BIN_TO_PORTAL");
|
|
auto optStringC = AuProcess::EnvironmentGetOne("AURORA_RUNTIME_NO_MICROSOFT_REDHAT_SABOTAGE");
|
|
|
|
bool bIsFireJail = optStringA && optStringA.Value() == "firejail";
|
|
bool bIsForcedDBUS = optStringB && optStringB.Value() == "YES";
|
|
bool bAllowDbus = !optStringC && (AuFS::FileExists("/usr/bin/gdbus") || AuFS::FileExists("/bin/gdbus"));
|
|
|
|
gUseDShid = (bIsFireJail || bIsForcedDBUS || bAllowDbus);
|
|
});
|
|
|
|
if (!gUseDShid)
|
|
{
|
|
if (iType == 2)
|
|
{
|
|
AuROString out;
|
|
if (AuEndsWith(uri, '/'))
|
|
{
|
|
AuFS::GoUpToSeparator(out, uri);
|
|
AuFS::GoUpToSeparator(out, out);
|
|
}
|
|
else
|
|
{
|
|
AuFS::GoUpToSeparator(out, uri);
|
|
}
|
|
uri = out;
|
|
}
|
|
}
|
|
|
|
auto pSemaphore = AuLoop::NewLSSemaphoreSlow();
|
|
if (!pSemaphore)
|
|
{
|
|
SysPushErrorIOResourceFailure();
|
|
return;
|
|
}
|
|
volatile int type2 = iType;
|
|
|
|
auto iFork = fork();
|
|
if (iFork == 0)
|
|
{
|
|
auto pBaseURI = (char *)SysAllocateLarge(uri.size() + 1);
|
|
if (pBaseURI)
|
|
{
|
|
AuMemcpy(pBaseURI, uri.data(), uri.size());
|
|
pBaseURI[uri.size()] = 0;
|
|
}
|
|
|
|
int iType = type2;
|
|
|
|
// isn't posix fun?
|
|
setsid();
|
|
pSemaphore->AddOne();
|
|
// the original iType and uri buffer will be trashed from this point onwards
|
|
PosixFDYeetus();
|
|
PosixDoForkHooks();
|
|
PosixShutup();
|
|
|
|
// and as if dealing with posix isn't bad enough...
|
|
// here's some more redhat/lennart poettering/dbus/xdg bullshid requiring stringified leaked closexecless file descriptors
|
|
if (gUseDShid)
|
|
{
|
|
const char *pExecString {};
|
|
bool bFuckRedHat { true };
|
|
char incompetentRedCunts[32];
|
|
|
|
if (iType == 2)
|
|
{
|
|
pExecString = "org.freedesktop.portal.OpenURI.OpenDirectory";
|
|
}
|
|
else if (bFileExists || bDirExists)
|
|
{
|
|
pExecString = "org.freedesktop.portal.OpenURI.OpenFile";
|
|
}
|
|
else
|
|
{
|
|
pExecString = "org.freedesktop.portal.OpenURI.OpenURI";
|
|
bFuckRedHat = false;
|
|
}
|
|
|
|
// it only gets worse, doesn't it?
|
|
if (bFuckRedHat)
|
|
{
|
|
int fu = PosixOpen(pBaseURI,
|
|
O_RDONLY,
|
|
0664); // dont care. use a real os that isnt controlled by redhat
|
|
snprintf(incompetentRedCunts, 32, "%i", fu);
|
|
pBaseURI = incompetentRedCunts;
|
|
}
|
|
|
|
// and now we pray to the demons of dshid
|
|
execlp("gdbus",
|
|
"gdbus",
|
|
"call",
|
|
"--session",
|
|
"--dest", "org.freedesktop.portal.Desktop",
|
|
"--object-path", "/org/freedesktop/portal/desktop",
|
|
"--method", pExecString,
|
|
"",
|
|
pBaseURI,
|
|
"{}",
|
|
(char *)nullptr);
|
|
}
|
|
else
|
|
{
|
|
// how did we go from this to the above redhat bs?
|
|
// freetards have no standards whatsoever - in both a literal and figurative sense
|
|
if (AuFS::FileExists("/bin/xdg-open"))
|
|
{
|
|
execl("/bin/xdg-open", "xdg-open", pBaseURI, (char *)nullptr);
|
|
}
|
|
else if (AuFS::FileExists("/usr/bin/xdg-open"))
|
|
{
|
|
execl("/usr/bin/xdg-open", "xdg-open", pBaseURI, (char *)nullptr);
|
|
}
|
|
else if (AuFS::FileExists("/usr/local/bin/xdg-open"))
|
|
{
|
|
execl("/usr/local/bin/xdg-open", "xdg-open", pBaseURI, (char *)nullptr);
|
|
}
|
|
else
|
|
{
|
|
execlp("xdg-open", "xdg-open", pBaseURI, (char *)nullptr);
|
|
}
|
|
}
|
|
|
|
exit(0);
|
|
}
|
|
else if (iFork > 0)
|
|
{
|
|
pSemaphore->WaitOn();
|
|
}
|
|
}
|
|
}
|
|
|
|
static void UnixOpenAsync(const AuROString &uri, int iType)
|
|
{
|
|
if (uri.empty())
|
|
{
|
|
return;
|
|
}
|
|
|
|
#if 0
|
|
// TODO: If we are to truly care about the AuFS::XXXExists stats, create an ordered work queue for a singlar thread,
|
|
// like the NT version of this file. Should anyone want to write a xdg-open-like util, it's possible for this
|
|
// detached thread to be forcefully terminated before the setsid(). A singular thread would guarantee order
|
|
// and hide any (networked?) filesystem stalls.
|
|
//
|
|
// - On Linux caching away these issues -
|
|
//
|
|
// Linux aggressively caches inodes leading idiots to believe linux io is somehow superior to NT and FreeBSD
|
|
// - its not, *spawn thread* *spawn thread*, tell u what, *kthread_create* - even though it's really just
|
|
// usecases like this, opens without lock advisories, where Linux pretends to be faster through caching we
|
|
// probably shouldn't expect, want, or desire. Who wants heavy caching under an OS that randomly OOM kills?
|
|
// Who wants defacto unsafe removal storage? Who wants Linus malding over "database dbs" for daring to want
|
|
// less abstractions in the form of "i know best" caches - """"optimizations"""""? Linshit is held together
|
|
// by god damn sellotape, their file systems are a clusterfuck, there's no efficient IO scheduler, and ofc
|
|
// everything god damn thing has to block. I digress..
|
|
//
|
|
// On the plus side, our stats should be basically free memcpys of user-prewarmed directory nodes between IPC
|
|
// boundaries. I mean, the end-user didn't just guess the realpath, no? The calling thread didn't just guess the
|
|
// existence of a file, did it? Odds are, we wont need to hit any form of IO before the real work under a fork.
|
|
// I guess we can trust Linuxs crappy caching to nuke the requirement of a thread pool; unlike Win32, that needs
|
|
// a COM initialized thread and will probably ad-hoc link in shell libraries [slowly].
|
|
//
|
|
// It is therefore the case we shouldn't need a worker thread for Linux.
|
|
//
|
|
AuThreads::Spawn(std::bind(&UnixOpenAsyncThread, AuString(uri), iType), true);
|
|
#else
|
|
UnixOpenPartiallyBlocking(uri, iType);
|
|
#endif
|
|
}
|
|
|
|
AUKN_SYM void OpenUri(const AuROString &uri)
|
|
{
|
|
UnixOpenAsync(uri, 0);
|
|
}
|
|
|
|
AUKN_SYM void OpenFile(const AuROString &file)
|
|
{
|
|
UnixOpenAsync(file, 1);
|
|
}
|
|
|
|
AUKN_SYM void RevealInDirectory(const AuROString &file)
|
|
{
|
|
UnixOpenAsync(file, 2);
|
|
}
|
|
} |