In case of remote process exit even when some messages are still
waiting, vchan connection can be already closed. If we try to send some
data in this case (for example stdout of local process), there will be
an error, which will terminate qrexec-client-vm/qrexec-agent child. So
first check vchan data (where MSG_EXIT_CODE could be queued), then
local process.
There is still some race condition in this code - remote process could
exit just after we check vchan, but before we send some data. But this
is much less probable and in the worst case we only lose remote process
exit code.
Child process can request to use single socket for both stdin and
stdout by sending SIGUSR1 signal. If it does so twice or more, previous
code broke the connection by closing the socket.
This doesn't cover all the cases, because local process could want to
receive that value (currently it can't), but I can't think of any simple,
*compatible* way to pass it there.
This way qrexec-client-vm will have much more information, at least:
- will know whether the service call was accepted or refused
- potentially will know remote process exit code
This commit implements the first point - the local process will not be
started if service call was refused.
Merge tag 'jm_da2b0cde'
Tag for commit da2b0cde16
# gpg: Signature made Fri Feb 27 22:19:43 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
Merge tag 'jm_de51e155'
Tag for commit de51e155f3
# gpg: Signature made Fri Feb 20 01:56:42 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
This will ignore excluded deb, rpm, pkg and .git directories that were
tar'ed for the .orig.tar.gz debian upstream package file and will prevent
build errors
Do not send 'which' command output to stdout, as it will mess real
backup data.
This fixes regression introduced by this commit:
commit dad5bfbd18
Author: HW42 <hw42@ipsumj.de>
Date: Thu Feb 5 03:14:41 2015 +0100
remove 'bashisms' or explicit use bash
This process should be started from user session (most likely
qubes-session). New processes (of that user) will be created as
children of that session making logind and such crap happy. This should
also solve problems with EOF transmission (no additional "su" process)
and prevent loading all the environment multiple times.
Move (qrexec-agent version of) do_exec to qrexec-agent.c, move
handle_handshake to qrexec-agent-data.c (common to all agent binaries).
Fix indentation (tabs -> spaces).
The main advantage is possible use of single socket for both stdin and
stdout. This is strictly required for using USBIP over qrexec.
For compatibility qrexec still creates three socket pairs (instead of
pipes) for stdin/out/err respectively. When qrexec-agent receives
SIGUSR1, it will close stdout socket and use stdin socket for both
directions.
Some additional work is needed here to actually allow child process to
send that signal - qrexec is running as root, but child as "user" in
most cases.
Since the rules are no more directly handed to echo -e, sed needs to
handle all escape sequences used in rules (newline only, but in
different notations).
- Use copy-in for debian-quilt package in Makefile.builder instead of hook (to be removed) in Makefile.debian
- Remove patches from debian/patches; they are now applied dynamically from series-debian-vm.conf
Applied patch to qrexec Makefile to prevent compile failure on warnings
qrexec: Disable all warnings being treated as errors
gcc -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -I. -g -Wall -Wextra -Werror -pie -fPIC `pkg-config --cflags vchan-xen` -D_FORTIFY_SOURCE=2 -c -o qrexec-agent-data.o qrexec-agent-data.c
qrexec-agent-data.c: In function 'handle_remote_data':
qrexec-agent-data.c:217:17: error: dereferencing type-punned pointer will break strict-aliasing rules [-Werror=strict-aliasing]
status = *(unsigned int *)buf;
^
cc1: all warnings being treated as errors
<builtin>: recipe for target 'qrexec-agent-data.o' failed
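The strict-aliasing error quoted above is raised by reading an integer through a cast of a byte buffer. As an added example (not code from the qrexec project), this shows the aliasing-safe form of that read using memcpy with length checks; the header layout, `EX_MSG_EXIT_CODE` and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical framing for this example only: 32-bit type, 32-bit
 * payload length, then the payload. Constructed values, not qrexec's. */
#define EX_MSG_EXIT_CODE 1u
struct ex_hdr { uint32_t type; uint32_t len; };

/* Aliasing-safe replacement for `status = *(unsigned int *)buf;`.
 * memcpy is defined for any buffer type and alignment. */
int read_status(const char *buf, size_t len, unsigned int *status)
{
    if (len != sizeof(*status))
        return -1;                      /* refuse short or oversized payloads */
    memcpy(status, buf, sizeof(*status));
    return 0;
}

/* Parse one framed message; 0 and *status set on success, -1 otherwise. */
int parse_exit_msg(const char *rx, size_t rx_len, unsigned int *status)
{
    struct ex_hdr hdr;

    if (rx_len < sizeof(hdr))
        return -1;                      /* truncated header */
    memcpy(&hdr, rx, sizeof(hdr));      /* copy out; never cast rx to a struct pointer */
    if (hdr.type != EX_MSG_EXIT_CODE)
        return -1;
    if (hdr.len > rx_len - sizeof(hdr))
        return -1;                      /* declared length exceeds received data */
    return read_status(rx + sizeof(hdr), hdr.len, status);
}

int main(void)
{
    /* Constructed sample: exit status 3, placed at an odd offset. */
    char rx[1 + sizeof(struct ex_hdr) + sizeof(unsigned int)];
    struct ex_hdr hdr = { EX_MSG_EXIT_CODE, sizeof(unsigned int) };
    unsigned int in = 3, out = 0;

    memcpy(rx + 1, &hdr, sizeof(hdr));
    memcpy(rx + 1 + sizeof(hdr), &in, sizeof(in));
    return parse_exit_msg(rx + 1, sizeof(rx) - 1, &out) == 0 && out == 3 ? 0 : 1;
}
```

This form compiles cleanly under `-Wall -Wextra -Werror`, so the strict-aliasing diagnostic can be resolved in the code while warnings stay fatal.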
This is to allow permissions to be set on some devices where the user needs
less restrictive permissions. /etc/udev/rules.d/99-qubes-misc.rules changes
a few xen devices to allow the users in the qubes group access