Bugfixes on forbidden paths (#169)

Added check for forbidden path in is_capio_path

---------

Co-authored-by: Marco Edoardo Santimaria <marcoedoardo.santimaria@unito.it>

Author: marcoSanti

capio-common/capio/constants.hpp

@@ -14,9 +14,9 @@ typedef unsigned long long int capio_off64_t;
 constexpr size_t CAPIO_DEFAULT_DIR_INITIAL_SIZE                 = 1024L * 1024 * 1024;
 constexpr off64_t CAPIO_DEFAULT_FILE_INITIAL_SIZE               = 1024L * 1024 * 1024 * 4;
 [[maybe_unused]] constexpr std::array CAPIO_DIR_FORBIDDEN_PATHS = {
-    std::string_view{"/proc/"}, std::string_view{"/sys/"}, std::string_view{"/boot/"},
-    std::string_view{"/dev/"},  std::string_view{"/var/"}, std::string_view{"/run/"},
-    std::string_view("/spack/")};
+    std::string_view{"/proc/"},  std::string_view{"/sys/"},    std::string_view{"/boot/"},
+    std::string_view{"/dev/"},   std::string_view{"/var/"},    std::string_view{"/run/"},
+    std::string_view("/spack/"), std::string_view{"/usr/bin/"}};
 
 // CAPIO default values for shared memory
 constexpr char CAPIO_DEFAULT_WORKFLOW_NAME[] = "CAPIO";

capio-common/capio/filesystem.hpp

@@ -73,7 +73,8 @@ inline bool is_capio_path(const std::filesystem::path &path_to_check) {
     START_LOG(capio_syscall(SYS_gettid), "call(path_to_check=%s)", path_to_check.c_str());
 
     // check if path_to_check begins with CAPIO_DIR
-    const auto res = is_prefix(get_capio_dir(), path_to_check);
+    const auto res =
+        is_prefix(get_capio_dir(), path_to_check) && !is_forbidden_path(path_to_check.string());
     LOG("is_capio_path:%s", res ? "yes" : "no");
     return res;
 }

capio-posix/handlers/access.hpp

@@ -9,7 +9,7 @@ int access_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a
     const std::string_view pathname(reinterpret_cast<const char *>(arg0));
     auto tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
     START_LOG(tid, "call()");
-    if (is_forbidden_path(pathname) || !is_capio_path(pathname)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is forbidden: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
@@ -32,7 +32,7 @@ int faccessat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, lon
     auto tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
     START_LOG(tid, "call()");
 
-    if (is_forbidden_path(pathname) || !is_capio_path(pathname)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is forbidden or is not a capio path: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }

capio-posix/handlers/chdir.hpp

@@ -13,7 +13,7 @@ int chdir_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar
     START_LOG(tid, "call(path=%s)", pathname.data());
 
     syscall_no_intercept_flag = true;
-    if (is_forbidden_path(pathname) || !is_capio_path(pathname)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is forbidden: skip", pathname.data());
         syscall_no_intercept_flag = false;
         return CAPIO_POSIX_SYSCALL_SKIP;

capio-posix/handlers/dup.hpp

@@ -19,8 +19,7 @@ int dup_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg5
         }
         dup_capio_fd(tid, fd, res, false);
 
-        *result = res;
-        return CAPIO_POSIX_SYSCALL_SUCCESS;
+        return posix_return_value(res, result);
     }
     return CAPIO_POSIX_SYSCALL_SKIP;
 }
@@ -43,8 +42,8 @@ int dup2_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
         if (fd != res) {
             dup_capio_fd(tid, fd, res, false);
         }
-        *result = res;
-        return CAPIO_POSIX_SYSCALL_SUCCESS;
+
+        return posix_return_value(res, result);
     }
     return CAPIO_POSIX_SYSCALL_SKIP;
 }
@@ -75,8 +74,7 @@ int dup3_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
         bool is_cloexec = (flags & O_CLOEXEC) == O_CLOEXEC;
         dup_capio_fd(tid, fd, res, is_cloexec);
 
-        *result = res;
-        return CAPIO_POSIX_SYSCALL_SUCCESS;
+        return posix_return_value(res, result);
     }
     return CAPIO_POSIX_SYSCALL_SKIP;
 }

capio-posix/handlers/fork.hpp

@@ -14,14 +14,13 @@ int fork_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
 
     if (pid == 0) {
         // child
-        auto child_tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
+        const auto child_tid = static_cast<pid_t>(syscall_no_intercept(SYS_gettid));
         init_process(child_tid);
         *result = 0;
-    } else {
-        *result = pid;
+        return posix_return_value(0, result);
     }
 
-    return CAPIO_POSIX_SYSCALL_SUCCESS;
+    return posix_return_value(pid, result);
 }
 
 #endif // SYS_fork

capio-posix/handlers/mkdir.hpp

@@ -7,7 +7,7 @@
 inline off64_t capio_mkdirat(int dirfd, const std::string_view &pathname, mode_t mode, pid_t tid) {
     START_LOG(tid, "call(dirfd=%d, pathname=%s, mode=%o)", dirfd, pathname.data(), mode);
 
-    if (is_forbidden_path(pathname)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is forbidden: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }

capio-posix/handlers/open.hpp

@@ -40,7 +40,7 @@ int creat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar
     mode_t mode = static_cast<int>(arg2);
     START_LOG(tid, "call(path=%s, flags=%d, mode=%d)", pathname.data(), flags, mode);
 
-    if (is_forbidden_path(pathname)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is forbidden: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
@@ -52,7 +52,12 @@ int creat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar
         LOG("Create request sent");
     }
 
-    int fd = static_cast<int>(syscall_no_intercept(SYS_creat, arg0, arg1, arg2, arg3, arg4, arg5));
+    const int fd =
+        static_cast<int>(syscall_no_intercept(SYS_creat, arg0, arg1, arg2, arg3, arg4, arg5));
+
+    if (fd < 0) {
+        return CAPIO_POSIX_SYSCALL_ERRNO;
+    }
 
     LOG("fd=%d", fd);
 
@@ -61,8 +66,7 @@ int creat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long ar
         add_capio_fd(tid, path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
     }
 
-    *result = fd;
-    return CAPIO_POSIX_SYSCALL_SUCCESS;
+    return posix_return_value(fd, result);
 }
 #endif // SYS_creat
 
@@ -76,7 +80,7 @@ int open_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
 
     std::string path = compute_abs_path(pathname.data(), -1);
 
-    if (is_forbidden_path(pathname) || !is_capio_path(path)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is not a capio path: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
@@ -95,13 +99,15 @@ int open_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long arg
 
     const int fd =
         static_cast<int>(syscall_no_intercept(SYS_open, arg0, arg1, arg2, arg3, arg4, arg5));
+    if (fd < 0) {
+        return CAPIO_POSIX_SYSCALL_ERRNO;
+    }
 
     LOG("Adding capio path");
     add_capio_fd(tid, resolved_path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
     LOG("fd=%d", fd);
 
-    *result = fd;
-    return CAPIO_POSIX_SYSCALL_SUCCESS;
+    return posix_return_value(fd, result);
 }
 #endif // SYS_open
 
@@ -116,7 +122,7 @@ int openat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a
               mode);
 
     std::string path = compute_abs_path(pathname.data(), dirfd);
-    if (is_forbidden_path(pathname) || !is_capio_path(path)) {
+    if (!is_capio_path(pathname)) {
         LOG("Path %s is not a capio path: skip", pathname.data());
         return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
     }
@@ -138,11 +144,14 @@ int openat_handler(long arg0, long arg1, long arg2, long arg3, long arg4, long a
         static_cast<int>(syscall_no_intercept(SYS_openat, arg0, arg1, arg2, arg3, arg4, arg5));
     LOG("fd=%d", fd);
 
+    if (fd < 0) {
+        return CAPIO_POSIX_SYSCALL_ERRNO;
+    }
+
     LOG("Adding resolved capio path (%s)", resolved_path.c_str());
     add_capio_fd(tid, resolved_path, fd, 0, (flags & O_CLOEXEC) == O_CLOEXEC);
 
-    *result = fd;
-    return CAPIO_POSIX_SYSCALL_SUCCESS;
+    return posix_return_value(fd, result);
 }
 #endif // SYS_openat
 

capio-posix/handlers/posix_readdir.hpp

@@ -179,14 +179,6 @@ inline struct dirent64 *capio_internal_readdir(DIR *dirp, long pid) {
 DIR *opendir(const char *name) {
     START_LOG(capio_syscall(SYS_gettid), "call(path=%s)", name);
 
-    if (is_forbidden_path(name)) {
-        LOG("Path %s is forbidden: skip", name);
-        syscall_no_intercept_flag = true;
-        auto res                  = real_opendir(name);
-        syscall_no_intercept_flag = false;
-        return res;
-    }
-
     auto absolute_path = capio_absolute(name);
 
     LOG("Resolved absolute path = %s", absolute_path.c_str());

capio-posix/handlers/read.hpp

@@ -19,14 +19,14 @@ inline off64_t capio_read_fs(int fd, size_t count, pid_t tid) {
 inline off64_t capio_read_mem(int fd, size_t count, void *buffer, long *result) {
     START_LOG(capio_syscall(SYS_gettid), "call(fd=%d, count=%ld)", fd, count);
     if (exists_capio_fd(fd)) {
-        auto computed_offset = get_capio_fd_offset(fd) + count;
+        const auto computed_offset = get_capio_fd_offset(fd) + count;
 
         LOG("Handling read on file %s up to byte %ld", get_capio_fd_path(fd).c_str(),
             computed_offset);
 
-        *result = read_request_cache_mem->read(fd, buffer, count);
-        LOG("Result of read is %lu", *result);
-        return CAPIO_POSIX_SYSCALL_SUCCESS;
+        const auto res = read_request_cache_mem->read(fd, buffer, count);
+        LOG("Result of read is %lu", res);
+        return posix_return_value(res, result);
     }
     return CAPIO_POSIX_SYSCALL_REQUEST_SKIP;
 }