Rafal Wojtczuk
b4fb7a4b5d
qrexec: added two I/O error checks, even though it is redundant in these cases
2011-05-04 12:56:52 +02:00
Rafal Wojtczuk
d68183da0c
qrexec: added comments, made identifiers more verbose
2011-05-04 12:52:54 +02:00
Rafal Wojtczuk
675d4ce25b
qrexec_daemon: add explicite sanitize routine
...
It sanitizes messages from agent, the only untrusted input. No new
checks have been added, just moved the code.
2011-05-04 10:53:43 +02:00
Rafal Wojtczuk
b7698de251
qrexec_daemon: print dots when waiting for agent
2011-03-31 11:23:44 +02:00
Rafal Wojtczuk
1fc8f242c5
Merge branch 'master' of git.qubes-os.org:/var/lib/qubes/git/marmarek/core into spring-merge
2011-03-28 17:27:50 +02:00
Rafal Wojtczuk
5c10812e36
qrexec_agent: When running as root, make the socket accessible
...
... world-rw. Perms on /var/run/qubes still limit access to group qubes.
2011-03-25 13:47:01 +01:00
Marek Marczykowski
14e50e983d
gitignores
2011-03-23 19:57:48 -04:00
Rafal Wojtczuk
01b75b5987
Enable build on non-appvm.
2011-03-23 17:47:35 +01:00
Rafal Wojtczuk
7f6a06c354
qrexec: in write_stdin, remove dependency on write size
...
Previous code could barf when write was partial; probably can happen
only if we increase vchan buffer size, but it is better isolated now.
2011-03-18 11:16:05 +01:00
Rafal Wojtczuk
1d24ef9d1a
qrexec: when forgetting about a client/process, flush buffered data
...
We need to spawn a child to take care of buffered data flushing, if there
is any. Expensive, but should be needed rarely.
2011-03-17 18:15:04 +01:00
Rafal Wojtczuk
53b517f6a5
qrexec: move set_nonblock function to write_stdin
...
It will be needed there.
2011-03-17 17:53:33 +01:00
Rafal Wojtczuk
fb71bf968c
qrexec_agent: when receiving close from daemon, check buffered data
...
We need to wait for buffer flush, so that buffered data is not lost,
and only then close pipe to the child.
2011-03-17 17:37:35 +01:00
Rafal Wojtczuk
af7fefa73f
qrexec: handle buffered writes correctly
...
In case when we have a buffered write, always append to the
buffer, even if the pipe happens to be writable now. If not,
in case of certain tight race we might end up writing buffered data in
wrong order.
2011-03-17 16:53:29 +01:00
Rafal Wojtczuk
d40fb3a2e1
Fifo semantics is hard to get right.
...
Finally: we need to close the command pipe at EOF.
2011-03-16 16:11:05 +01:00
Rafal Wojtczuk
15bab70eae
Handle pipe io in qrexec_agent properly
...
Don't reopen pipe after each read - no need, and it could lose events.
2011-03-16 15:18:37 +01:00
Rafal Wojtczuk
769eedd33a
Make qrexec_client wait for its local child before exiting
...
If we do not wait and exit imemdiately, qrexec_daemon will decrease
the children count and continue spawning processes, while e.g.
qfile-daemon still waits for kdialog - so dom0 will be DoSed by
multiple processes.
2011-03-16 14:52:35 +01:00
Rafal Wojtczuk
27cfd6111a
qrexec_daemon limits the number of its children
...
So that evil VM cannot just send flood of exec qfile-daemon requests,
and DoS dom0.
2011-03-16 14:21:45 +01:00
Rafal Wojtczuk
00f4bf1197
qrexec_client accepts non-numeric domain description.
...
Just tries to open qrexec.argv[1].
2011-03-11 16:06:00 +01:00
Rafal Wojtczuk
470ddce435
qrexec_daemon creates VMname-based link to its socket
2011-03-11 14:14:04 +01:00
Rafal Wojtczuk
b9e0e93a90
In qrexec_client, check write_all(local_stdin_fd,..) value
2011-03-11 13:16:33 +01:00
Rafal Wojtczuk
1a5bfd8c2b
Reset SIGPIPE in qrexec_daemon, too.
2011-03-11 13:08:19 +01:00
Rafal Wojtczuk
e19390ca1c
Moved ioall.c file to "common"
2011-03-11 11:47:20 +01:00
Rafal Wojtczuk
f1a7df6e95
Implemented mechanism to trigger predefined execution in dom0.
...
Processes in AppVM can ask qrexec-agent to send a
MSG_AGENT_TO_SERVER_TRIGGER_EXEC message to qrexec-daemon.
The latter will execute predefined program. It is useful for
the purpose of file copy; the predefined program will create
a connected qfile-daemon<->qfile-agent pair.
2011-03-10 15:41:31 +01:00
Rafal Wojtczuk
8f90623661
Add ability to execute command without help of /bin/su
...
It is important, if the program closes stdout, but does not exit.
Then, qrexec_agent does not see EOF (because su still holds the
file descriptor).
2011-03-10 13:08:06 +01:00
Rafal Wojtczuk
f263aa6b7c
Moved vchan and u2mfn code to core.
2011-03-08 12:24:47 +01:00
Rafal Wojtczuk
27c8b05792
qrexec_daemon child should notify the parent.
2011-03-07 13:54:57 +01:00
Rafal Wojtczuk
50252ec64e
qrexec_daemon parent should exit after connection to VM.
2011-03-07 13:50:30 +01:00
Rafal Wojtczuk
bb0507c89a
Make qrexec_daemon socket accessible.
...
Set restructive umask after socket creation.
2011-03-04 17:41:54 +01:00
Rafal Wojtczuk
b899bfc9ba
Daemonize qrexec_daemon.
2011-03-04 17:38:59 +01:00
Rafal Wojtczuk
b98dffc965
qrexec* tools, initial version
2011-03-04 16:32:58 +01:00