From 6d00cfb2330cb47d00d350eedfbffbbf5991a743 Mon Sep 17 00:00:00 2001
From: Karel Zak
Date: Fri, 12 Jan 2018 11:01:26 +0100
Subject: include/debug: don't print pointer address for SUID programs

* introduce new flag __UL_DEBUG_FL_NOADDR to suppress pointer address printing

* use __UL_DEBUG_FL_NOADDR when SUID

* move ul_debugobj() to debugobj.h, and require UL_DEBUG_CURRENT_MASK
  to provide access to the current mask from ul_debugobj(). It's better
  than modify all ul_debugobj() calls and use the global mask as
  argument.

* remove never used UL_DEBUG_DEFINE_FLAG

Reported-by: halfdog <me@halfdog.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 include/Makemodule.am         |  1 +
 include/debug.h               | 27 +++++++++++----------------
 include/debugobj.h            | 22 ++++++++++++++++++++++
 lib/loopdev.c                 |  3 +++
 libblkid/src/blkidP.h         |  3 +++
 libfdisk/src/fdiskP.h         |  3 +++
 libmount/src/mountP.h         |  3 +++
 libsmartcols/src/smartcolsP.h |  3 +++
 misc-utils/lsblk.c            |  2 ++
 misc-utils/whereis.c          |  3 +++
 sys-utils/lsns.c              |  3 +++
 11 files changed, 57 insertions(+), 16 deletions(-)
 create mode 100644 include/debugobj.h

diff --git a/include/Makemodule.am b/include/Makemodule.am
index cfea1457c..3e7f7a01e 100644
--- a/include/Makemodule.am
+++ b/include/Makemodule.am
@@ -14,6 +14,7 @@ dist_noinst_HEADERS += \
 	include/crc32.h \
 	include/crc32c.h \
 	include/debug.h \
+	include/debugobj.h \
 	include/env.h \
 	include/exec_shell.h \
 	include/exitcodes.h \
diff --git a/include/debug.h b/include/debug.h
index 97c0e1f08..07a8dcb2a 100644
--- a/include/debug.h
+++ b/include/debug.h
@@ -49,11 +49,15 @@ struct ul_debug_maskname {
 #define UL_DEBUG_DEFINE_MASKNAMES(m) static const struct ul_debug_maskname m ## _masknames[]
 #define UL_DEBUG_MASKNAMES(m)	m ## _masknames
 
-#define UL_DEBUG_DEFINE_MASK(m) int m ## _debug_mask
+#define UL_DEBUG_MASK(m)         m ## _debug_mask
+#define UL_DEBUG_DEFINE_MASK(m)  int UL_DEBUG_MASK(m)
 #define UL_DEBUG_DECLARE_MASK(m) extern UL_DEBUG_DEFINE_MASK(m)
 
-/* p - flag prefix, m - flag postfix */
-#define UL_DEBUG_DEFINE_FLAG(p, m) p ## m
+/*
+ * Internal mask flags (above 0xffffff)
+ */
+#define __UL_DEBUG_FL_NOADDR	(1 << 24)	/* Don't print object address */
+
 
 /* l - library name, p - flag prefix, m - flag postfix, x - function */
 #define __UL_DBG(l, p, m, x) \
@@ -90,6 +94,10 @@ struct ul_debug_maskname {
 				lib ## _debug_mask = ul_debug_parse_envmask(lib ## _masknames, str); \
 		} else \
 			lib ## _debug_mask = mask; \
+		if (lib ## _debug_mask) { \
+			if (getuid() != geteuid() || getgid() != getegid()) \
+				lib ## _debug_mask |= __UL_DEBUG_FL_NOADDR; \
+		} \
 		lib ## _debug_mask |= pref ## INIT; \
 	} while (0)
 
@@ -104,19 +112,6 @@ ul_debug(const char *mesg, ...)
 	fputc('\n', stderr);
 }
 
-static inline void __attribute__ ((__format__ (__printf__, 2, 3)))
-ul_debugobj(const void *handler, const char *mesg, ...)
-{
-	va_list ap;
-
-	if (handler)
-		fprintf(stderr, "[%p]: ", handler);
-	va_start(ap, mesg);
-	vfprintf(stderr, mesg, ap);
-	va_end(ap);
-	fputc('\n', stderr);
-}
-
 static inline int ul_debug_parse_envmask(
 			const struct ul_debug_maskname flagnames[],
 			const char *mask)
diff --git a/include/debugobj.h b/include/debugobj.h
new file mode 100644
index 000000000..73b70b8df
--- /dev/null
+++ b/include/debugobj.h
@@ -0,0 +1,22 @@
+#ifndef UTIL_LINUX_DEBUGOBJ_H
+#define UTIL_LINUX_DEBUGOBJ_H
+
+/*
+ * Include *after* debug.h and after UL_DEBUG_CURRENT_MASK define.
+ */
+
+static inline void __attribute__ ((__format__ (__printf__, 2, 3)))
+ul_debugobj(const void *handler, const char *mesg, ...)
+{
+	va_list ap;
+
+	if (handler && !(UL_DEBUG_CURRENT_MASK & __UL_DEBUG_FL_NOADDR))
+		fprintf(stderr, "[%p]: ", handler);
+
+	va_start(ap, mesg);
+	vfprintf(stderr, mesg, ap);
+	va_end(ap);
+	fputc('\n', stderr);
+}
+
+#endif /* UTIL_LINUX_DEBUGOBJ_H */
diff --git a/lib/loopdev.c b/lib/loopdev.c
index 819aada32..7274f8480 100644
--- a/lib/loopdev.c
+++ b/lib/loopdev.c
@@ -57,6 +57,9 @@ UL_DEBUG_DEFINE_MASKNAMES(loopdev) = UL_DEBUG_EMPTY_MASKNAMES;
 #define DBG(m, x)       __UL_DBG(loopdev, LOOPDEV_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(loopdev, LOOPDEV_DEBUG_, m, x)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(loopdev)
+#include "debugobj.h"
+
 static void loopdev_init_debug(void)
 {
 	if (loopdev_debug_mask)
diff --git a/libblkid/src/blkidP.h b/libblkid/src/blkidP.h
index 8108b0efa..22c985631 100644
--- a/libblkid/src/blkidP.h
+++ b/libblkid/src/blkidP.h
@@ -338,6 +338,9 @@ UL_DEBUG_DECLARE_MASK(libblkid);
 #define DBG(m, x)	__UL_DBG(libblkid, BLKID_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(libblkid, BLKID_DEBUG_, m, x)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(libblkid)
+#include "debugobj.h"
+
 extern void blkid_debug_dump_dev(blkid_dev dev);
 
 
diff --git a/libfdisk/src/fdiskP.h b/libfdisk/src/fdiskP.h
index 0b9d43413..e7c264edc 100644
--- a/libfdisk/src/fdiskP.h
+++ b/libfdisk/src/fdiskP.h
@@ -47,6 +47,9 @@ UL_DEBUG_DECLARE_MASK(libfdisk);
 #define ON_DBG(m, x)	__UL_DBG_CALL(libfdisk, LIBFDISK_DEBUG_, m, x)
 #define DBG_FLUSH	__UL_DBG_FLUSH(libfdisk, LIBFDISK_DEBUG_)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(libfdisk)
+#include "debugobj.h"
+
 /*
  * NLS -- the library has to be independent on main program, so define
  * UL_TEXTDOMAIN_EXPLICIT before you include nls.h.
diff --git a/libmount/src/mountP.h b/libmount/src/mountP.h
index b00426d67..d47d26442 100644
--- a/libmount/src/mountP.h
+++ b/libmount/src/mountP.h
@@ -50,6 +50,9 @@ UL_DEBUG_DECLARE_MASK(libmount);
 #define ON_DBG(m, x)	__UL_DBG_CALL(libmount, MNT_DEBUG_, m, x)
 #define DBG_FLUSH	__UL_DBG_FLUSH(libmount, MNT_DEBUG_)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(libmount)
+#include "debugobj.h"
+
 /*
  * NLS -- the library has to be independent on main program, so define
  * UL_TEXTDOMAIN_EXPLICIT before you include nls.h.
diff --git a/libsmartcols/src/smartcolsP.h b/libsmartcols/src/smartcolsP.h
index b3b54cddd..510e7a980 100644
--- a/libsmartcols/src/smartcolsP.h
+++ b/libsmartcols/src/smartcolsP.h
@@ -36,6 +36,9 @@ UL_DEBUG_DECLARE_MASK(libsmartcols);
 #define ON_DBG(m, x)	__UL_DBG_CALL(libsmartcols, SCOLS_DEBUG_, m, x)
 #define DBG_FLUSH	__UL_DBG_FLUSH(libsmartcols, SCOLS_DEBUG_)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(libsmartcols)
+#include "debugobj.h"
+
 /*
  * Generic iterator
  */
diff --git a/misc-utils/lsblk.c b/misc-utils/lsblk.c
index 9d3460b43..9e9f3cf81 100644
--- a/misc-utils/lsblk.c
+++ b/misc-utils/lsblk.c
@@ -75,6 +75,8 @@ UL_DEBUG_DEFINE_MASKNAMES(lsblk) = UL_DEBUG_EMPTY_MASKNAMES;
 #define DBG(m, x)       __UL_DBG(lsblk, LSBLK_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(lsblk, LSBLK_DEBUG_, m, x)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(lsblk)
+#include "debugobj.h"
 
 #define LSBLK_EXIT_SOMEOK 64
 #define LSBLK_EXIT_ALLFAILED 32
diff --git a/misc-utils/whereis.c b/misc-utils/whereis.c
index 0f583cc7a..c6bf2fa4b 100644
--- a/misc-utils/whereis.c
+++ b/misc-utils/whereis.c
@@ -72,6 +72,9 @@ UL_DEBUG_DEFINE_MASKNAMES(whereis) = UL_DEBUG_EMPTY_MASKNAMES;
 #define DBG(m, x)       __UL_DBG(whereis, WHEREIS_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(whereis, WHEREIS_DEBUG_, m, x)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(whereis)
+#include "debugobj.h"
+
 static char uflag = 0;
 
 /* supported types */
diff --git a/sys-utils/lsns.c b/sys-utils/lsns.c
index a9437aacb..4a39f66ef 100644
--- a/sys-utils/lsns.c
+++ b/sys-utils/lsns.c
@@ -66,6 +66,9 @@ UL_DEBUG_DEFINE_MASKNAMES(lsns) = UL_DEBUG_EMPTY_MASKNAMES;
 #define DBG(m, x)       __UL_DBG(lsns, LSNS_DEBUG_, m, x)
 #define ON_DBG(m, x)    __UL_DBG_CALL(lsns, LSNS_DEBUG_, m, x)
 
+#define UL_DEBUG_CURRENT_MASK	UL_DEBUG_MASK(lsns)
+#include "debugobj.h"
+
 static struct idcache *uid_cache = NULL;
 
 /* column IDs */
-- 
cgit v1.2.3-55-g7522