authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 03:50:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 03:50:42 +0000
commit78e9bb837c258ac0ec7712b3d612cc2f407e731e (patch)
treef515d16b6efd858a9aeb5b0ef5d6f90bf288283d /src/analyze/analyze-security.c
parentAdding debian version 255.5-1. (diff)
downloadsystemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.tar.xz
systemd-78e9bb837c258ac0ec7712b3d612cc2f407e731e.zip
Merging upstream version 256.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/analyze/analyze-security.c')
-rw-r--r--src/analyze/analyze-security.c115
1 files changed, 52 insertions, 63 deletions
diff --git a/src/analyze/analyze-security.c b/src/analyze/analyze-security.c
index 5f1b5e6..75508f4 100644
--- a/src/analyze/analyze-security.c
+++ b/src/analyze/analyze-security.c
@@ -215,20 +215,21 @@ static int assess_user(
uint64_t *ret_badness,
char **ret_description) {
- _cleanup_free_ char *d = NULL;
+ const char *d;
uint64_t b;
+ int r;
assert(ret_badness);
assert(ret_description);
if (streq_ptr(info->user, NOBODY_USER_NAME)) {
- d = strdup("Service runs under as '" NOBODY_USER_NAME "' user, which should not be used for services");
+ d = "Service runs under as '" NOBODY_USER_NAME "' user, which should not be used for services";
b = 9;
} else if (info->dynamic_user && !STR_IN_SET(info->user, "0", "root")) {
- d = strdup("Service runs under a transient non-root user identity");
+ d = "Service runs under a transient non-root user identity";
b = 0;
} else if (info->user && !STR_IN_SET(info->user, "0", "root", "")) {
- d = strdup("Service runs under a static non-root user identity");
+ d = "Service runs under a static non-root user identity";
b = 0;
} else {
*ret_badness = 10;
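Review bot: The description on the NOBODY_USER_NAME branch still reads "runs under as", and this text is presumably what ends up in the assessment report. Since the line is rewritten here anyway, it could be corrected in the same change, e.g. `d = "Service runs as '" NOBODY_USER_NAME "' user, which should not be used for services";`. The rest of assess_user is in the following hunk.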
@@ -236,12 +237,11 @@ static int assess_user(
return 0;
}
- if (!d)
- return log_oom();
+ r = strdup_to(ret_description, d);
+ if (r < 0)
+ return r;
*ret_badness = b;
- *ret_description = TAKE_PTR(d);
-
return 0;
}
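Review bot: Replacing `return log_oom();` with `return r;` after `strdup_to()` drops the out-of-memory log message at this site, so an allocation failure here is only reported if some caller logs it, which is not visible in this diff. The same substitution is made in assess_protect_home, assess_protect_system, assess_umask, assess_system_call_architectures, assess_ip_address_allow and analyze_security. In contrast, assess_system_call_filter still ends in `if (r < 0) return log_oom();`, and analyze_security keeps `return log_oom();` for the GREEDY_REALLOC failure directly above its new `return r;`. Either keep the log with `if (r < 0) return log_oom();` at these sites, or add a comment where the error is finally reported so that the silent return is clearly intentional.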
@@ -254,7 +254,6 @@ static int assess_protect_home(
const char *description;
uint64_t badness;
- char *copy;
int r;
assert(ret_badness);
@@ -277,13 +276,11 @@ static int assess_protect_home(
description = "Service has no access to home directories";
}
- copy = strdup(description);
- if (!copy)
- return log_oom();
+ r = strdup_to(ret_description, description);
+ if (r < 0)
+ return r;
*ret_badness = badness;
- *ret_description = copy;
-
return 0;
}
@@ -296,7 +293,6 @@ static int assess_protect_system(
const char *description;
uint64_t badness;
- char *copy;
int r;
assert(ret_badness);
@@ -319,13 +315,11 @@ static int assess_protect_system(
description = "Service has limited write access to the OS file hierarchy";
}
- copy = strdup(description);
- if (!copy)
- return log_oom();
+ r = strdup_to(ret_description, description);
+ if (r < 0)
+ return r;
*ret_badness = badness;
- *ret_description = copy;
-
return 0;
}
@@ -370,9 +364,9 @@ static int assess_umask(
uint64_t *ret_badness,
char **ret_description) {
- char *copy = NULL;
const char *d;
uint64_t b;
+ int r;
assert(ret_badness);
assert(ret_description);
@@ -394,13 +388,11 @@ static int assess_umask(
b = 0;
}
- copy = strdup(d);
- if (!copy)
- return log_oom();
+ r = strdup_to(ret_description, d);
+ if (r < 0)
+ return r;
*ret_badness = b;
- *ret_description = copy;
-
return 0;
}
@@ -537,30 +529,30 @@ static int assess_system_call_architectures(
uint64_t *ret_badness,
char **ret_description) {
- char *d;
+ const char *d;
uint64_t b;
+ int r;
assert(ret_badness);
assert(ret_description);
if (set_isempty(info->system_call_architectures)) {
b = 10;
- d = strdup("Service may execute system calls with all ABIs");
+ d = "Service may execute system calls with all ABIs";
} else if (set_contains(info->system_call_architectures, "native") &&
set_size(info->system_call_architectures) == 1) {
b = 0;
- d = strdup("Service may execute system calls only with native ABI");
+ d = "Service may execute system calls only with native ABI";
} else {
b = 8;
- d = strdup("Service may execute system calls with multiple ABIs");
+ d = "Service may execute system calls with multiple ABIs";
}
- if (!d)
- return log_oom();
+ r = strdup_to(ret_description, d);
+ if (r < 0)
+ return r;
*ret_badness = b;
- *ret_description = d;
-
return 0;
}
@@ -607,12 +599,12 @@ static int assess_system_call_filter(
assert(a->parameter < _SYSCALL_FILTER_SET_MAX);
const SyscallFilterSet *f = syscall_filter_sets + a->parameter;
- _cleanup_free_ char *d = NULL;
+ char *d;
uint64_t b;
int r;
if (!info->system_call_filter_allow_list && set_isempty(info->system_call_filter)) {
- r = free_and_strdup(&d, "Service does not filter system calls");
+ r = strdup_to(&d, "Service does not filter system calls");
b = 10;
} else {
bool bad;
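Review bot: Changing `_cleanup_free_ char *d = NULL;` to a plain uninitialized `char *d;` means the function now depends on every branch assigning `d` and on no early return between the allocation and the final `*ret_description = d;`. The else branch is outside this hunk, so that cannot be confirmed from here. A later edit that adds an early return would leak the string, and one that adds a non-assigning path would hand an indeterminate pointer to the caller. Keeping `_cleanup_free_ char *d = NULL;` with `*ret_description = TAKE_PTR(d);` costs nothing and preserves that safety net; failing that, a short comment such as `/* d is assigned on every path below; ownership passes to *ret_description */` would help. assess_device_allow drops its `= NULL` initializer in the same way.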
@@ -649,8 +641,8 @@ static int assess_system_call_filter(
if (r < 0)
return log_oom();
+ *ret_description = d;
*ret_badness = b;
- *ret_description = TAKE_PTR(d);
return 0;
}
@@ -664,36 +656,36 @@ static int assess_ip_address_allow(
uint64_t *ret_badness,
char **ret_description) {
- char *d = NULL;
+ const char *d;
uint64_t b;
+ int r;
assert(info);
assert(ret_badness);
assert(ret_description);
if (info->ip_filters_custom_ingress || info->ip_filters_custom_egress) {
- d = strdup("Service defines custom ingress/egress IP filters with BPF programs");
+ d = "Service defines custom ingress/egress IP filters with BPF programs";
b = 0;
} else if (!info->ip_address_deny_all) {
- d = strdup("Service does not define an IP address allow list");
+ d = "Service does not define an IP address allow list";
b = 10;
} else if (info->ip_address_allow_other) {
- d = strdup("Service defines IP address allow list with non-localhost entries");
+ d = "Service defines IP address allow list with non-localhost entries";
b = 5;
} else if (info->ip_address_allow_localhost) {
- d = strdup("Service defines IP address allow list with only localhost entries");
+ d = "Service defines IP address allow list with only localhost entries";
b = 2;
} else {
- d = strdup("Service blocks all IP address ranges");
+ d = "Service blocks all IP address ranges";
b = 0;
}
- if (!d)
- return log_oom();
+ r = strdup_to(ret_description, d);
+ if (r < 0)
+ return r;
*ret_badness = b;
- *ret_description = d;
-
return 0;
}
@@ -704,7 +696,7 @@ static int assess_device_allow(
uint64_t *ret_badness,
char **ret_description) {
- char *d = NULL;
+ char *d;
uint64_t b;
assert(info);
@@ -1651,7 +1643,7 @@ static uint64_t access_weight(const struct security_assessor *a, JsonVariant *po
assert(a);
val = security_assessor_find_in_policy(a, policy, "weight");
- if (val) {
+ if (val) {
if (json_variant_is_unsigned(val))
return json_variant_unsigned(val);
log_debug("JSON field 'weight' of policy for %s is not an unsigned integer, ignoring.", a->id);
@@ -1666,7 +1658,7 @@ static uint64_t access_range(const struct security_assessor *a, JsonVariant *pol
assert(a);
val = security_assessor_find_in_policy(a, policy, "range");
- if (val) {
+ if (val) {
if (json_variant_is_unsigned(val))
return json_variant_unsigned(val);
log_debug("JSON field 'range' of policy for %s is not an unsigned integer, ignoring.", a->id);
@@ -1681,7 +1673,7 @@ static const char *access_description_na(const struct security_assessor *a, Json
assert(a);
val = security_assessor_find_in_policy(a, policy, "description_na");
- if (val) {
+ if (val) {
if (json_variant_is_string(val))
return json_variant_string(val);
log_debug("JSON field 'description_na' of policy for %s is not a string, ignoring.", a->id);
@@ -1696,7 +1688,7 @@ static const char *access_description_good(const struct security_assessor *a, Js
assert(a);
val = security_assessor_find_in_policy(a, policy, "description_good");
- if (val) {
+ if (val) {
if (json_variant_is_string(val))
return json_variant_string(val);
log_debug("JSON field 'description_good' of policy for %s is not a string, ignoring.", a->id);
@@ -1711,7 +1703,7 @@ static const char *access_description_bad(const struct security_assessor *a, Jso
assert(a);
val = security_assessor_find_in_policy(a, policy, "description_bad");
- if (val) {
+ if (val) {
if (json_variant_is_string(val))
return json_variant_string(val);
log_debug("JSON field 'description_bad' of policy for %s is not a string, ignoring.", a->id);
@@ -1764,15 +1756,14 @@ static int assess(const SecurityInfo *info,
(void) table_set_display(details_table, (size_t) 0, (size_t) 1, (size_t) 2, (size_t) 3, (size_t) 7);
}
- for (i = 0; i < ELEMENTSOF(security_assessor_table); i++) {
- const struct security_assessor *a = security_assessor_table + i;
+ FOREACH_ELEMENT(a, security_assessor_table) {
_cleanup_free_ char *d = NULL;
uint64_t badness;
void *data;
uint64_t weight = access_weight(a, policy);
uint64_t range = access_range(a, policy);
- data = (uint8_t *) info + a->offset;
+ data = (uint8_t*) info + a->offset;
if (a->default_dependencies_only && !info->default_dependencies) {
badness = UINT64_MAX;
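Review bot: The reformatted line `data = (uint8_t*) info + a->offset;` casts away the const qualifier of `info`, which the signature declares as `const SecurityInfo *`. If the assessor callbacks only read through `data` (their prototype is not visible in this hunk), the const can be kept by declaring `const void *data;` and writing `data = (const uint8_t*) info + a->offset;`. That lets the compiler flag any assessor that would write into the SecurityInfo being scored. The loop body continues outside the hunk.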
@@ -2738,7 +2729,7 @@ static int offline_security_checks(
/* When a portable image is analyzed, the profile is what provides a good chunk of
* the security-related settings, but they are obviously not shipped with the image.
- * This allows to take them in consideration. */
+ * This allows them to be taken into consideration. */
if (profile) {
_cleanup_free_ char *unit_name = NULL, *dropin = NULL, *profile_path = NULL;
@@ -2828,7 +2819,6 @@ static int analyze_security(sd_bus *bus,
for (;;) {
UnitInfo info;
- char *copy = NULL;
r = bus_parse_unit_info(reply, &info);
if (r < 0)
@@ -2842,12 +2832,11 @@ static int analyze_security(sd_bus *bus,
if (!GREEDY_REALLOC(list, n + 2))
return log_oom();
- copy = strdup(info.id);
- if (!copy)
- return log_oom();
+ r = strdup_to(&list[n], info.id);
+ if (r < 0)
+ return r;
- list[n++] = copy;
- list[n] = NULL;
+ list[++n] = NULL;
}
strv_sort(list);