From a1440ec3daaa4f95b5ce007157ae1371c39da5b6 Mon Sep 17 00:00:00 2001
From: Rob Clark
Date: Tue, 1 Dec 2020 10:16:36 -0800
Subject: [PATCH] util: Add helper to get FILE* options

Add a helper to get debug options that specify a file path, with additional checking for suid to prevent unintended file access via mesa's debug features. Unlike other DEBUG_GET_ONCE_*, this returns a new file ptr each time it is called (although it only does the lookup of the path once).
Signed-off-by: Rob Clark
Acked-by: Antonio Caggiano
Part-of:
---
 src/util/u_debug.h | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
diff --git a/src/util/u_debug.h b/src/util/u_debug.h
index 6318f39..fa14cf1 100644
--- a/src/util/u_debug.h
+++ b/src/util/u_debug.h
@@ -40,6 +40,11 @@
 #include
 #include
+#if !defined(_WIN32)
+#include
+#include
+#endif
+
 #include "util/os_misc.h"
 #include "util/detect_os.h"
 #include "util/macros.h"
@@ -412,6 +417,39 @@ debug_get_option_ ## suffix (void) \
 return value; \
 }
+static inline bool
+__check_suid(void)
+{
+#if !defined(_WIN32)
+ if (geteuid() != getuid())
+ return true;
+#endif
+ return false;
+}
+
+/**
+ * Define a getter for a debug option which specifies a 'FILE *'
+ * to open, with additional checks for suid executables. Note
+ * that if the return is not NULL, the caller owns the 'FILE *'
+ * reference.
+ */
+#define DEBUG_GET_ONCE_FILE_OPTION(suffix, name, dfault, mode) \
+static FILE * \
+debug_get_option_ ## suffix (void) \
+{ \
+ static bool first = true; \
+ static const char * value; \
+ if (__check_suid()) \
+ return NULL; \
+ if (first) { \
+ first = false; \
+ value = debug_get_option(name, dfault); \
+ } \
+ if (!value) \
+ return NULL; \
+ return fopen(value, mode); \
+}
+
 #define DEBUG_GET_ONCE_BOOL_OPTION(sufix, name, dfault) \
 static bool \
 debug_get_option_ ## sufix (void) \
-- 
2.7.4
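Review bot: `__check_suid()` in the second hunk treats only an euid/uid mismatch as privileged, so a setgid binary still reaches `fopen(value, mode)` with a path that `debug_get_option()` presumably takes from the environment; the guard should read `if (geteuid() != getuid() || getegid() != getgid())`. Neither comparison covers file capabilities, so where it is available `getauxval(AT_SECURE)` would be a more complete test (it needs `<sys/auxv.h>`, which the include hunk does not add). The helper name begins with a double underscore, which C reserves for the implementation; a name such as `debug_check_suid` avoids that. On `_WIN32` the check always returns false, and the doc comment above `DEBUG_GET_ONCE_FILE_OPTION` could say so, along with the fact that the getter returns NULL for a privileged process even when the option is set.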