security-and-privacy/gnupg
security-and-privacy
/
gnupg
mirror of git://git.gnupg.org/gnupg.git
1
0
Fork 0
Code Releases Activity

agent,kbx: Fix reliable_homedir_inotify (1/2). 

* agent/gpg-agent.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
Don't call gnupg_inotify_watch_delete_self when it's not reliable.
(check_others_thread): No check of reliable_homedir_inotify repeatedly
in the loop.
* kbx/keyboxd.c (reliable_homedir_inotify): Remove the global.
(handle_connections): Add reliable_homedir_inotify as an arg.
(handle_tick): No check of reliable_homedir_inotify in the loop.

--

Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2023-12-26 11:47:09 +09:00
parent 2764ee309a
commit c44f0bc91e
No known key found for this signature in database
GPG Key ID: 640114AF89DE6054
2 changed files with 22 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
agent/gpg-agent.c
View File

@ -479,11 +479,6 @@ static pid_t parent_pid = (pid_t)(-1);
* alternative but portable stat based check. */ * alternative but portable stat based check. */
static int have_homedir_inotify; static int have_homedir_inotify;
/* Depending on how gpg-agent was started, the homedir inotify watch
* may not be reliable. This flag is set if we assume that inotify
* works reliable. */
static int reliable_homedir_inotify;
/* Number of active connections. */ /* Number of active connections. */
static int active_connections; static int active_connections;
@ -533,7 +528,8 @@ static void agent_deinit_default_ctrl (ctrl_t ctrl);
static void handle_connections (gnupg_fd_t listen_fd, static void handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_extra, gnupg_fd_t listen_fd_extra,
gnupg_fd_t listen_fd_browser, gnupg_fd_t listen_fd_browser,
gnupg_fd_t listen_fd_ssh); gnupg_fd_t listen_fd_ssh,
int reliable_homedir_inotify);
static int check_for_running_agent (int silent); static int check_for_running_agent (int silent);
#if CHECK_OWN_SOCKET_INTERVAL > 0 #if CHECK_OWN_SOCKET_INTERVAL > 0
static void *check_own_socket_thread (void *arg); static void *check_own_socket_thread (void *arg);
@ -1097,6 +1093,7 @@ main (int argc, char **argv)
int gpgconf_list = 0; int gpgconf_list = 0;
gpg_error_t err; gpg_error_t err;
struct assuan_malloc_hooks malloc_hooks; struct assuan_malloc_hooks malloc_hooks;
int reliable_homedir_inotify = 0;
early_system_init (); early_system_init ();
@ -1594,7 +1591,7 @@ main (int argc, char **argv)
log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n", log_info ("listening on: std=%d extra=%d browser=%d ssh=%d\n",
fd, fd_extra, fd_browser, fd_ssh); fd, fd_extra, fd_browser, fd_ssh);
handle_connections (fd, fd_extra, fd_browser, fd_ssh); handle_connections (fd, fd_extra, fd_browser, fd_ssh, 1);
#endif /*!HAVE_W32_SYSTEM*/ #endif /*!HAVE_W32_SYSTEM*/
} }
else if (!is_daemon) else if (!is_daemon)
@ -1848,7 +1845,8 @@ main (int argc, char **argv)
} }
log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13) ); log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13) );
handle_connections (fd, fd_extra, fd_browser, fd_ssh); handle_connections (fd, fd_extra, fd_browser, fd_ssh,
reliable_homedir_inotify);
assuan_sock_close (fd); assuan_sock_close (fd);
} }
@ -2966,7 +2964,8 @@ static void
handle_connections (gnupg_fd_t listen_fd, handle_connections (gnupg_fd_t listen_fd,
gnupg_fd_t listen_fd_extra, gnupg_fd_t listen_fd_extra,
gnupg_fd_t listen_fd_browser, gnupg_fd_t listen_fd_browser,
gnupg_fd_t listen_fd_ssh) gnupg_fd_t listen_fd_ssh,
int reliable_homedir_inotify)
{ {
gpg_error_t err; gpg_error_t err;
npth_attr_t tattr; npth_attr_t tattr;
@ -3042,8 +3041,10 @@ handle_connections (gnupg_fd_t listen_fd,
gpg_strerror (err)); gpg_strerror (err));
} }
if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd, if (!reliable_homedir_inotify)
gnupg_homedir ()))) home_inotify_fd = -1;
else if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd,
gnupg_homedir ())))
{ {
if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED) if (gpg_err_code (err) != GPG_ERR_NOT_SUPPORTED)
log_info ("error enabling daemon termination by homedir removal: %s\n", log_info ("error enabling daemon termination by homedir removal: %s\n",
@ -3064,7 +3065,7 @@ handle_connections (gnupg_fd_t listen_fd,
#endif #endif
if ((HAVE_PARENT_PID_SUPPORT && parent_pid != (pid_t)(-1)) if ((HAVE_PARENT_PID_SUPPORT && parent_pid != (pid_t)(-1))
|| (!have_homedir_inotify || !reliable_homedir_inotify)) || !have_homedir_inotify)
{ {
npth_t thread; npth_t thread;
@ -3462,7 +3463,7 @@ check_others_thread (void *arg)
#endif /*HAVE_W32_SYSTEM*/ #endif /*HAVE_W32_SYSTEM*/
/* Check whether the homedir is still available. */ /* Check whether the homedir is still available. */
if ((!have_homedir_inotify || !reliable_homedir_inotify) if (!have_homedir_inotify
&& gnupg_stat (homedir, &statbuf) && errno == ENOENT) && gnupg_stat (homedir, &statbuf) && errno == ENOENT)
problem_detected |= AGENT_PROBLEM_HOMEDIR_REMOVED; problem_detected |= AGENT_PROBLEM_HOMEDIR_REMOVED;
} }

18
kbx/keyboxd.c
View File

@ -204,11 +204,6 @@ static char *current_logfile;
* alternative but portable stat based check. */ * alternative but portable stat based check. */
static int have_homedir_inotify; static int have_homedir_inotify;
/* Depending on how keyboxd was started, the homedir inotify watch may
* not be reliable. This flag is set if we assume that inotify works
* reliable. */
static int reliable_homedir_inotify;
/* Number of active connections. */ /* Number of active connections. */
static int active_connections; static int active_connections;
@ -254,7 +249,8 @@ static void kbxd_libgcrypt_progress_cb (void *data, const char *what,
static void kbxd_init_default_ctrl (ctrl_t ctrl); static void kbxd_init_default_ctrl (ctrl_t ctrl);
static void kbxd_deinit_default_ctrl (ctrl_t ctrl); static void kbxd_deinit_default_ctrl (ctrl_t ctrl);
static void handle_connections (gnupg_fd_t listen_fd); static void handle_connections (gnupg_fd_t listen_fd,
int reliable_homedir_inotify);
static void check_own_socket (void); static void check_own_socket (void);
static int check_for_running_kbxd (int silent); static int check_for_running_kbxd (int silent);
@ -464,6 +460,8 @@ main (int argc, char **argv )
int gpgconf_list = 0; int gpgconf_list = 0;
int debug_wait = 0; int debug_wait = 0;
struct assuan_malloc_hooks malloc_hooks; struct assuan_malloc_hooks malloc_hooks;
int reliable_homedir_inotify = 0;
early_system_init (); early_system_init ();
@ -846,7 +844,7 @@ main (int argc, char **argv )
} }
log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13)); log_info ("%s %s started\n", gpgrt_strusage(11), gpgrt_strusage(13));
handle_connections (fd); handle_connections (fd, reliable_homedir_inotify);
assuan_sock_close (fd); assuan_sock_close (fd);
} }
@ -1300,7 +1298,7 @@ handle_tick (void)
/* Check whether the homedir is still available. */ /* Check whether the homedir is still available. */
if (!shutdown_pending if (!shutdown_pending
&& (!have_homedir_inotify || !reliable_homedir_inotify) && !have_homedir_inotify
&& gnupg_stat (gnupg_homedir (), &statbuf) && errno == ENOENT) && gnupg_stat (gnupg_homedir (), &statbuf) && errno == ENOENT)
{ {
shutdown_pending = 1; shutdown_pending = 1;
@ -1448,7 +1446,7 @@ start_connection_thread (void *arg)
/* Connection handler loop. Wait for connection requests and spawn a /* Connection handler loop. Wait for connection requests and spawn a
* thread after accepting a connection. */ * thread after accepting a connection. */
static void static void
handle_connections (gnupg_fd_t listen_fd) handle_connections (gnupg_fd_t listen_fd, int reliable_homedir_inotify)
{ {
gpg_error_t err; gpg_error_t err;
npth_attr_t tattr; npth_attr_t tattr;
@ -1503,7 +1501,7 @@ handle_connections (gnupg_fd_t listen_fd)
gpg_strerror (err)); gpg_strerror (err));
} }
if (disable_check_own_socket) if (!reliable_homedir_inotify)
home_inotify_fd = -1; home_inotify_fd = -1;
else if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd, else if ((err = gnupg_inotify_watch_delete_self (&home_inotify_fd,
gnupg_homedir ()))) gnupg_homedir ())))