Merge pull request #41 from GBuella/no_proc_self_cmdline

Remove usage of /proc/self/cmdline

Author: Sarah Jelinek

README.md

@@ -103,12 +103,11 @@ intercept.log-123.
 is not truncated.
 
 *INTERCEPT_HOOK_CMDLINE_FILTER* -- when set, the library
-checks the contents of the /proc/self/cmdline file.
+checks the command line used to start the program.
 Hotpatching, and syscall intercepting is only done, if the
-last component of the first zero terminated string in
-/proc/self/cmdline matches the string provided
-in the environment variable. This can also be queried
-by the user of the library:
+last component of the command used to start the program
+is the same as the string provided in the environment variable.
+This can also be queried by the user of the library:
 ```c
 int syscall_hook_in_process_allowed(void);
 ```

src/entry.c

@@ -35,6 +35,7 @@
  *  expected to be executed by the loader while using LD_PRELOAD
  */
 
+#include <stdbool.h>
 #include <stdlib.h>
 #include <string.h>
 #include <syscall.h>
@@ -44,6 +45,8 @@
 #include "libsyscall_intercept_hook_point.h"
 #include "intercept.h"
 
+static const char *cmdline;
+
 /*
  * entry_point - the main entry point for syscall_intercept
  *
@@ -53,41 +56,45 @@
  * called intercept.
  */
 static __attribute__((constructor)) void
-entry_point(void)
+entry_point(int argc, char **argv)
 {
+	if (argc < 1)
+		return;
+
+	cmdline = argv[0];
+
 	if (syscall_hook_in_process_allowed())
 		intercept();
 }
 
 /*
- * match_with_file_end
- * Compare a string with the end of a file's contents.
- * Reads only char by char, but it is expected to be used only for a dozen or so
- * chars at a time. See syscall_hook_in_process_allowed below.
+ * cmdline_match - match the last component of the path in cmdline
  */
-static bool
-match_with_file_end(const char *expected, int fd)
+static int
+cmdline_match(const char *filter)
 {
-	char file_c; /* next character from file */
-	const char *c; /* next character from the expected string */
-
-	if (expected[0] == '\0')
-		return false;
-
-	c = expected;
-
-	while (syscall_no_intercept(SYS_read, fd, &file_c, (size_t)1)
-			== (ssize_t)1) {
-		if (file_c == '\0') /* this probably never happens */
-			break;
+	if (filter == NULL)
+		return 1;
 
-		if (file_c != *c)
-			c = expected; /* start from the beginning */
-		else
-			++c; /* match next char */
-	}
+	size_t flen = strlen(filter);
+	size_t clen = strlen(cmdline);
+
+	if (flen > clen)
+		return 0; /* cmdline can't contain filter */
+
+	/*
+	 * If cmdline is longer, it must end with a slash + filter:
+	 * "./somewhere/a.out" matches "a.out"
+	 * "./a.out" matches "a.out"
+	 * "./xa.out" does not match "a.out"
+	 *
+	 * Of course if cmdline is not longer, the slash is not needed:
+	 * "a.out" matches "a.out"
+	 */
+	if (clen > flen && cmdline[clen - flen - 1] != '/')
+		return 0;
 
-	return *c == '\0';
+	return strcmp(cmdline + clen - flen, filter) == 0;
 }
 
 /*
@@ -99,23 +106,14 @@ match_with_file_end(const char *expected, int fd)
 int
 syscall_hook_in_process_allowed(void)
 {
-	int fd;
-	bool result;
-	const char *filter;
-
-	filter = getenv("INTERCEPT_HOOK_CMDLINE_FILTER");
-	if (filter == NULL)
-		return 1;
-
-	fd = (int)syscall_no_intercept(SYS_open,
-			"/proc/self/cmdline", O_RDONLY, (mode_t)0);
-
-	if (fd < 0)
-		return 0;
+	static bool is_decided;
+	static int result;
 
-	result = match_with_file_end(filter, fd);
+	if (is_decided)
+		return result;
 
-	(void) syscall_no_intercept(SYS_close, fd);
+	result = cmdline_match(getenv("INTERCEPT_HOOK_CMDLINE_FILTER"));
+	is_decided = true;
 
 	return result;
 }

test/CMakeLists.txt

@@ -165,12 +165,10 @@ add_test(NAME "filter_none"
 set_tests_properties("filter_none"
 	PROPERTIES PASS_REGULAR_EXPRESSION "hooked - allowed")
 
-get_filename_component(filter_test_filename $<TARGET_FILE:filter_test> NAME)
-
 add_test(NAME "filter_positive"
 	COMMAND ${CMAKE_COMMAND}
 	-DTEST_EXTRA_PRELOAD=${TEST_EXTRA_PRELOAD}
-	-DFILTER=${filter_test_filename}
+	-DFILTER=$<TARGET_FILE_NAME:filter_test>
 	-DTEST_PROG=$<TARGET_FILE:filter_test>
 	-P ${CMAKE_CURRENT_SOURCE_DIR}/check.cmake)
 set_tests_properties("filter_positive"
@@ -185,6 +183,26 @@ add_test(NAME "filter_negative"
 set_tests_properties("filter_negative"
 	PROPERTIES PASS_REGULAR_EXPRESSION "disallowed")
 
+# the filter is a substring of the executable name
+add_test(NAME "filter_negative_substring0"
+	COMMAND ${CMAKE_COMMAND}
+	-DTEST_EXTRA_PRELOAD=${TEST_EXTRA_PRELOAD}
+	-DFILTER_PLUS_ONECHAR=$<TARGET_FILE_NAME:filter_test>
+	-DTEST_PROG=$<TARGET_FILE:filter_test>
+	-P ${CMAKE_CURRENT_SOURCE_DIR}/check.cmake)
+set_tests_properties("filter_negative_substring0"
+	PROPERTIES PASS_REGULAR_EXPRESSION "disallowed")
+
+# the executable name is a substring of the filter
+add_test(NAME "filter_negative_substring1"
+	COMMAND ${CMAKE_COMMAND}
+	-DTEST_EXTRA_PRELOAD=${TEST_EXTRA_PRELOAD}
+	-DFILTER=A$<TARGET_FILE_NAME:filter_test>
+	-DTEST_PROG=$<TARGET_FILE:filter_test>
+	-P ${CMAKE_CURRENT_SOURCE_DIR}/check.cmake)
+set_tests_properties("filter_negative_substring1"
+	PROPERTIES PASS_REGULAR_EXPRESSION "disallowed")
+
 add_executable(test_clone_thread test_clone_thread.c)
 target_link_libraries(test_clone_thread PRIVATE ${CMAKE_THREAD_LIBS_INIT})
 add_library(test_clone_thread_preload SHARED test_clone_thread_preload.c)

test/check.cmake

@@ -30,8 +30,13 @@
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
+if(FILTER_PLUS_ONECHAR)
+	string(SUBSTRING "${FILTER_PLUS_ONECHAR}" 1 -1 FILTER)
+endif()
+
 if(FILTER)
-set(ENV{INTERCEPT_HOOK_CMDLINE_FILTER} ${FILTER})
+	set(ENV{INTERCEPT_HOOK_CMDLINE_FILTER} ${FILTER})
+	message("FILTER: ${FILTER}")
 endif()
 
 if(LIB_FILE)