diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:42 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-12 03:50:42 +0000 |
commit | 78e9bb837c258ac0ec7712b3d612cc2f407e731e (patch) | |
tree | f515d16b6efd858a9aeb5b0ef5d6f90bf288283d /src/analyze/analyze-security.c | |
parent | Adding debian version 255.5-1. (diff) | |
download | systemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.tar.xz systemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.zip |
Merging upstream version 256.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/analyze/analyze-security.c')
-rw-r--r-- | src/analyze/analyze-security.c | 115 |
1 files changed, 52 insertions, 63 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c index 5f1b5e6..75508f4 100644 --- a/src/analyze/analyze-security.c +++ b/src/analyze/analyze-security.c @@ -215,20 +215,21 @@ static int assess_user( uint64_t *ret_badness, char **ret_description) { - _cleanup_free_ char *d = NULL; + const char *d; uint64_t b; + int r; assert(ret_badness); assert(ret_description); if (streq_ptr(info->user, NOBODY_USER_NAME)) { - d = strdup("Service runs under as '" NOBODY_USER_NAME "' user, which should not be used for services"); + d = "Service runs under as '" NOBODY_USER_NAME "' user, which should not be used for services"; b = 9; } else if (info->dynamic_user && !STR_IN_SET(info->user, "0", "root")) { - d = strdup("Service runs under a transient non-root user identity"); + d = "Service runs under a transient non-root user identity"; b = 0; } else if (info->user && !STR_IN_SET(info->user, "0", "root", "")) { - d = strdup("Service runs under a static non-root user identity"); + d = "Service runs under a static non-root user identity"; b = 0; } else { *ret_badness = 10; @@ -236,12 +237,11 @@ static int assess_user( return 0; } - if (!d) - return log_oom(); + r = strdup_to(ret_description, d); + if (r < 0) + return r; *ret_badness = b; - *ret_description = TAKE_PTR(d); - return 0; } @@ -254,7 +254,6 @@ static int assess_protect_home( const char *description; uint64_t badness; - char *copy; int r; assert(ret_badness); @@ -277,13 +276,11 @@ static int assess_protect_home( description = "Service has no access to home directories"; } - copy = strdup(description); - if (!copy) - return log_oom(); + r = strdup_to(ret_description, description); + if (r < 0) + return r; *ret_badness = badness; - *ret_description = copy; - return 0; } @@ -296,7 +293,6 @@ static int assess_protect_system( const char *description; uint64_t badness; - char *copy; int r; assert(ret_badness); @@ -319,13 +315,11 @@ static int assess_protect_system( description = "Service has limited write access to the OS file hierarchy"; } - copy = strdup(description); - if (!copy) - return log_oom(); + r = strdup_to(ret_description, description); + if (r < 0) + return r; *ret_badness = badness; - *ret_description = copy; - return 0; } @@ -370,9 +364,9 @@ static int assess_umask( uint64_t *ret_badness, char **ret_description) { - char *copy = NULL; const char *d; uint64_t b; + int r; assert(ret_badness); assert(ret_description); @@ -394,13 +388,11 @@ static int assess_umask( b = 0; } - copy = strdup(d); - if (!copy) - return log_oom(); + r = strdup_to(ret_description, d); + if (r < 0) + return r; *ret_badness = b; - *ret_description = copy; - return 0; } @@ -537,30 +529,30 @@ static int assess_system_call_architectures( uint64_t *ret_badness, char **ret_description) { - char *d; + const char *d; uint64_t b; + int r; assert(ret_badness); assert(ret_description); if (set_isempty(info->system_call_architectures)) { b = 10; - d = strdup("Service may execute system calls with all ABIs"); + d = "Service may execute system calls with all ABIs"; } else if (set_contains(info->system_call_architectures, "native") && set_size(info->system_call_architectures) == 1) { b = 0; - d = strdup("Service may execute system calls only with native ABI"); + d = "Service may execute system calls only with native ABI"; } else { b = 8; - d = strdup("Service may execute system calls with multiple ABIs"); + d = "Service may execute system calls with multiple ABIs"; } - if (!d) - return log_oom(); + r = strdup_to(ret_description, d); + if (r < 0) + return r; *ret_badness = b; - *ret_description = d; - return 0; } @@ -607,12 +599,12 @@ static int assess_system_call_filter( assert(a->parameter < _SYSCALL_FILTER_SET_MAX); const SyscallFilterSet *f = syscall_filter_sets + a->parameter; - _cleanup_free_ char *d = NULL; + char *d; uint64_t b; int r; if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) { - r = free_and_strdup(&d, "Service does not filter system calls"); + r = strdup_to(&d, "Service does not filter system calls"); b = 10; } else { bool bad; @@ -649,8 +641,8 @@ static int assess_system_call_filter( if (r < 0) return log_oom(); + *ret_description = d; *ret_badness = b; - *ret_description = TAKE_PTR(d); return 0; } @@ -664,36 +656,36 @@ static int assess_ip_address_allow( uint64_t *ret_badness, char **ret_description) { - char *d = NULL; + const char *d; uint64_t b; + int r; assert(info); assert(ret_badness); assert(ret_description); if (info->ip_filters_custom_ingress || info->ip_filters_custom_egress) { - d = strdup("Service defines custom ingress/egress IP filters with BPF programs"); + d = "Service defines custom ingress/egress IP filters with BPF programs"; b = 0; } else if (!info->ip_address_deny_all) { - d = strdup("Service does not define an IP address allow list"); + d = "Service does not define an IP address allow list"; b = 10; } else if (info->ip_address_allow_other) { - d = strdup("Service defines IP address allow list with non-localhost entries"); + d = "Service defines IP address allow list with non-localhost entries"; b = 5; } else if (info->ip_address_allow_localhost) { - d = strdup("Service defines IP address allow list with only localhost entries"); + d = "Service defines IP address allow list with only localhost entries"; b = 2; } else { - d = strdup("Service blocks all IP address ranges"); + d = "Service blocks all IP address ranges"; b = 0; } - if (!d) - return log_oom(); + r = strdup_to(ret_description, d); + if (r < 0) + return r; *ret_badness = b; - *ret_description = d; - return 0; } @@ -704,7 +696,7 @@ static int assess_device_allow( uint64_t *ret_badness, char **ret_description) { - char *d = NULL; + char *d; uint64_t b; assert(info); @@ -1651,7 +1643,7 @@ static uint64_t access_weight(const struct security_assessor *a, JsonVariant *po assert(a); val = security_assessor_find_in_policy(a, policy, "weight"); - if (val) { + if (val) { if (json_variant_is_unsigned(val)) return json_variant_unsigned(val); log_debug("JSON field 'weight' of policy for %s is not an unsigned integer, ignoring.", a->id); @@ -1666,7 +1658,7 @@ static uint64_t access_range(const struct security_assessor *a, JsonVariant *pol assert(a); val = security_assessor_find_in_policy(a, policy, "range"); - if (val) { + if (val) { if (json_variant_is_unsigned(val)) return json_variant_unsigned(val); log_debug("JSON field 'range' of policy for %s is not an unsigned integer, ignoring.", a->id); @@ -1681,7 +1673,7 @@ static const char *access_description_na(const struct security_assessor *a, Json assert(a); val = security_assessor_find_in_policy(a, policy, "description_na"); - if (val) { + if (val) { if (json_variant_is_string(val)) return json_variant_string(val); log_debug("JSON field 'description_na' of policy for %s is not a string, ignoring.", a->id); @@ -1696,7 +1688,7 @@ static const char *access_description_good(const struct security_assessor *a, Js assert(a); val = security_assessor_find_in_policy(a, policy, "description_good"); - if (val) { + if (val) { if (json_variant_is_string(val)) return json_variant_string(val); log_debug("JSON field 'description_good' of policy for %s is not a string, ignoring.", a->id); @@ -1711,7 +1703,7 @@ static const char *access_description_bad(const struct security_assessor *a, Jso assert(a); val = security_assessor_find_in_policy(a, policy, "description_bad"); - if (val) { + if (val) { if (json_variant_is_string(val)) return json_variant_string(val); log_debug("JSON field 'description_bad' of policy for %s is not a string, ignoring.", a->id); @@ -1764,15 +1756,14 @@ static int assess(const SecurityInfo *info, (void) table_set_display(details_table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3, (size_t) 7); } - for (i = 0; i < ELEMENTSOF(security_assessor_table); i++) { - const struct security_assessor *a = security_assessor_table + i; + FOREACH_ELEMENT(a, security_assessor_table) { _cleanup_free_ char *d = NULL; uint64_t badness; void *data; uint64_t weight = access_weight(a, policy); uint64_t range = access_range(a, policy); - data = (uint8_t *) info + a->offset; + data = (uint8_t*) info + a->offset; if (a->default_dependencies_only && !info->default_dependencies) { badness = UINT64_MAX; @@ -2738,7 +2729,7 @@ static int offline_security_checks( /* When a portable image is analyzed, the profile is what provides a good chunk of * the security-related settings, but they are obviously not shipped with the image. - * This allows to take them in consideration. */ + * This allows them to be taken into consideration. */ if (profile) { _cleanup_free_ char *unit_name = NULL, *dropin = NULL, *profile_path = NULL; @@ -2828,7 +2819,6 @@ static int analyze_security(sd_bus *bus, for (;;) { UnitInfo info; - char *copy = NULL; r = bus_parse_unit_info(reply, &info); if (r < 0) @@ -2842,12 +2832,11 @@ static int analyze_security(sd_bus *bus, if (!GREEDY_REALLOC(list, n + 2)) return log_oom(); - copy = strdup(info.id); - if (!copy) - return log_oom(); + r = strdup_to(&list[n], info.id); + if (r < 0) + return r; - list[n++] = copy; - list[n] = NULL; + list[++n] = NULL; } strv_sort(list); |