sys-utils/prlimit.c:467:16: warning: 'hard' may be used uninitialized in this function [-Wmaybe-uninitialized]
lim->rlim_max = hard;
~~~~~~~~~~~~~~^~~~~~
sys-utils/prlimit.c:456:15: note: 'hard' was declared here
rlim_t soft, hard;
^~~~
sys-utils/prlimit.c:466:16: warning: 'soft' may be used uninitialized in this function [-Wmaybe-uninitialized]
lim->rlim_cur = soft;
~~~~~~~~~~~~~~^~~~~~
sys-utils/prlimit.c:456:9: note: 'soft' was declared here
rlim_t soft, hard;
^~~~
References: https://github.com/karelzak/util-linux/issues/1406
Signed-off-by: Karel Zak <kzak@redhat.com>
Since these functions are only used internally, we can make sure they
are being used correctly, and assert() helps in catching remaining
issues. Usage of each changed function has been reviewed:
For xgetpwnam:
- chsh(1) only calls it if a username has been set
- login(1) only calls it if username has been set and is not empty
- su(1) always initializes new_user to "root"
- unshare(1) calls get_user with optarg, so always set as well
For xgetgrnam:
- unshare(1) calls get_group with optarg
For xgetpwuid:
- chsh(1) passes a stack allocated struct for struct passwd
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
It defined its own xgetlogin, which queried geteuid() instead of getuid(),
with a fallback to "<someone>" when lookup fails. This has been the case
since the function was introduced in
019b97024f, so geteuid() has always been
used. Since using geteuid for identification isn't consistent with the
rest of util-linux, switching to xgetlogin(), which uses getuid(),
should be correct.
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
getlogin(3) shouldn't be used for identification here. This also removes
the bug where a missing entry for getuid() in passwd database wouldn't
print a warning, because whom would be set to "???".
For consistency, switch to "<someone>" when pw look up fails.
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
Per the man page, it shouldn't be used for security purposes. This is an
issue especially on musl, where getlogin is implemented as
getenv("LOGNAME"). Since xgetlogin is being used as user identity in su(1), to
set PAM_RUSER, we simply switch to always using getpwuid(getuid()).
Signed-off-by: Érico Nogueira <erico.erc@gmail.com>
It's probably good idea to call setgroups() to cleanup groups,
but it introduces a regression as some mount helpers depend on
supplementary groups like "network" etc.
Fixes: https://github.com/karelzak/util-linux/issues/1398
Signed-off-by: Karel Zak <kzak@redhat.com>
* keep process in single supplementary group, which is the real group ID for the process
* make sure we have rights to call setgroups(), requires group permissions
Fixes: https://github.com/karelzak/util-linux/issues/1398
Signed-off-by: Karel Zak <kzak@redhat.com>
32-bit userspace returns ENOTTY:
ioctl(4, LOOP_CONFIGURE, {fd=3, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR, lo_file_name="/usr/install/iso/systemrescue-8.04-amd64.iso", ...}}) = -1 ENOTTY (Inappropriate ioctl for device)
64-bit userspace returns EINVAL:
ioctl(4, LOOP_CONFIGURE, {fd=3, block_size=0, info={lo_offset=0, lo_number=0, lo_flags=LO_FLAGS_AUTOCLEAR, lo_file_name="/usr/src/PACKAGES/systemrescue-8.04-amd64.iso", ...}}) = -1 EINVAL (Invalid argument)
The correct return value for an unknown ioctl is ENOTTY, but we need
to support already released kernels, so let's support both errnos.
Reported-by: Krzysztof Olędzki <ole@ans.pl>
Signed-off-by: Karel Zak <kzak@redhat.com>
Since libblkid commit 751eca28fc it does
not ignore FAT on whole-disks, so now libfdisk sees collision between
FAT and MBR. It's fine to report the collision to users, but we should
not ignore the MBR.
Signed-off-by: Karel Zak <kzak@redhat.com>
commit 9147d2ad8a ("blockdev: Don't fail on missing start sector") limits
the size of the start sector to 10 digits.
Multi-terrabyte devices can have partitions with a start sector larger than
10 digits, which will cause an sprintf() to abort due to overflowing the buffer.
It causes:
# blockdev --report /dev/sda4
RO RA SSZ BSZ StartSec Size Device
*** buffer overflow detected ***: terminated
Aborted (core dumped)
man sd_journal_get_data:
The returned data is in a read-only memory map and is only valid until the next invocation
of sd_journal_get_data().
It means that use data after 3x sd_journal_get_data() is really bad
idea. It also seems better to not assume the fields are zero
terminated as journal API works with void* and size_t to address the
data.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1984704
Signed-off-by: Karel Zak <kzak@redhat.com>
Let's make it more robust for old kernels where is no close_range() or
in cases when it's unsuccessful.
Reported-by: Florian Weimer <fweimer@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
* the original read_utmp() code is from GPLv3+, but lslogins is GPLv2+
(see a6bf40ee77 (commitcomment-53407151))
* remove redundant parse_btmp() and parse_wtmp() as it does not
provide anything
* reduce realloc() calls, allocate all in one step
Signed-off-by: Karel Zak <kzak@redhat.com>
This new syscall comes with three arguments (see kernel commit
278a5fbaed89dacd04e9d052f4594ffd0e0585de). Not sure why util-linux
assume only two.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1981729
Signed-off-by: Karel Zak <kzak@redhat.com>
The function fdisk_reorder_partitions() is also used in sfdisk and cfdisk
and these commands assume info/warn messages from the library. So move all
messages from fdisk to fdisk_reorder_partitions().
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Parsing of verity.roothashsig did not take into consideration that other options
might follow, and used the whole string as a file path. But mnt_optstr_get_option
just returns a pointer in the mount option string, it doesn't extract it, so it
would have other subsequent options too. The length parameter has to be used.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Option 'f' currently prints following RED error message:
Nothing to do. Ordering is correct already.
Failed to fix partitions order.
This change removes RED error message when ordering is already correct.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
FAT32 can be formatted with boot sign 0x28 to indicate that only serial id
is present or with boot sign 0x29 which indicates that both boot label and
serial id is present.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Older FAT16 variants do not have to contain boot label or serial id. Boot
sign 0x28 indicates that only serial id is present and boot sign 0x29
indicates that both boot label and serial id is present. Other boot sign
values (e.g. zero) indicates older FAT16 variant without boot label and
boot sign.
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
dlopen is treated as a dependency, but that's not quite right, it
should be an alternative way to link to libcryptsetup.
Search for it only if cryptsetup is not disabled, and if the cryptsetup-dlopen
is explicitly set to enabled. If it is, do not link to libcryptsetup.
Add cryptsetup support status to the meson summary.
Karel Zak
Jose Riha
Jakub Bogusz
panchenbo
Érico Nogueira
Thomas Abraham
Christian Finnberg
Мирослав Николић
Rafael Fontenelle
Antonio Ceballos Roa
Pali Rohár
Luca Boccassi
Luca Boccassi