mirror of
https://repo.dec05eba.com/gpu-screen-recorder
synced 2026-05-06 15:00:43 +09:00
gsr-kms-server 'security': only allow gpu-screen-recorder to get framebuffer
This commit is contained in:
dec05eba
@@ -146,47 +146,41 @@ static bool create_socket_path(char *output_path, size_t output_path_size) {
|
||||
return true;
|
||||
}
|
||||
|
||||
static void string_copy(char *dst, const char *src, int len) {
|
||||
int src_len = strlen(src);
|
||||
int min_len = src_len;
|
||||
if(len - 1 < min_len)
|
||||
min_len = len - 1;
|
||||
memcpy(dst, src, min_len);
|
||||
dst[min_len] = '\0';
|
||||
}
|
||||
|
||||
static bool find_program_in_path(const char *program_name, char *filepath, int filepath_len) {
|
||||
const char *path = getenv("PATH");
|
||||
if(!path)
|
||||
static bool readlink_realpath(const char *filepath, char *buffer) {
|
||||
char symlinked_path[PATH_MAX];
|
||||
ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
|
||||
if(bytes_written == -1 && errno == EINVAL) {
|
||||
/* Not a symlink */
|
||||
snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath);
|
||||
} else if(bytes_written == -1) {
|
||||
return false;
|
||||
|
||||
int program_name_len = strlen(program_name);
|
||||
const char *end = path + strlen(path);
|
||||
while(path != end) {
|
||||
const char *part_end = strchr(path, ':');
|
||||
const char *next = part_end;
|
||||
if(part_end) {
|
||||
next = part_end + 1;
|
||||
} else {
|
||||
part_end = end;
|
||||
next = end;
|
||||
}
|
||||
|
||||
int len = part_end - path;
|
||||
if(len + 1 + program_name_len < filepath_len) {
|
||||
memcpy(filepath, path, len);
|
||||
filepath[len] = '/';
|
||||
memcpy(filepath + len + 1, program_name, program_name_len);
|
||||
filepath[len + 1 + program_name_len] = '\0';
|
||||
|
||||
if(access(filepath, F_OK) == 0)
|
||||
return true;
|
||||
}
|
||||
|
||||
path = next;
|
||||
} else {
|
||||
symlinked_path[bytes_written] = '\0';
|
||||
}
|
||||
|
||||
return false;
|
||||
if(!realpath(symlinked_path, buffer))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static bool strcat_safe(char *str, int size, const char *str_to_add) {
|
||||
const int str_len = strlen(str);
|
||||
const int str_to_add_len = strlen(str_to_add);
|
||||
if(str_len + str_to_add_len + 1 >= size)
|
||||
return false;
|
||||
|
||||
memcpy(str + str_len, str_to_add, str_to_add_len);
|
||||
str[str_len + str_to_add_len] = '\0';
|
||||
return true;
|
||||
}
|
||||
|
||||
static void file_get_directory(char *filepath) {
|
||||
char *end = strrchr(filepath, '/');
|
||||
if(end == NULL)
|
||||
filepath[0] = '\0';
|
||||
else
|
||||
*end = '\0';
|
||||
}
|
||||
|
||||
int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
|
||||
@@ -206,10 +200,23 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
|
||||
}
|
||||
|
||||
char server_filepath[PATH_MAX];
|
||||
if(!find_program_in_path("gsr-kms-server", server_filepath, sizeof(server_filepath))) {
|
||||
fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server is not installed\n");
|
||||
if(!readlink_realpath("/proc/self/exe", server_filepath)) {
|
||||
fprintf(stderr, "gsr error: gsr_kms_client_init: failed to resolve /proc/self/exe\n");
|
||||
return -1;
|
||||
}
|
||||
file_get_directory(server_filepath);
|
||||
|
||||
if(!strcat_safe(server_filepath, sizeof(server_filepath), "/gsr-kms-server")) {
|
||||
fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server path too long\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if(access(server_filepath, F_OK) != 0) {
|
||||
fprintf(stderr, "gsr error: gsr_kms_client_init: gsr-kms-server is not installed (%s not found)\n", server_filepath);
|
||||
return -1;
|
||||
}
|
||||
|
||||
fprintf(stderr, "gsr info: gsr_kms_client_init: setting up connection to %s\n", server_filepath);
|
||||
|
||||
const bool inside_flatpak = getenv("FLATPAK_ID") != NULL;
|
||||
const char *home = getenv("HOME");
|
||||
@@ -251,7 +258,7 @@ int gsr_kms_client_init(gsr_kms_client *self, const char *card_path) {
|
||||
}
|
||||
|
||||
local_addr.sun_family = AF_UNIX;
|
||||
string_copy(local_addr.sun_path, self->initial_socket_path, sizeof(local_addr.sun_path));
|
||||
snprintf(local_addr.sun_path, sizeof(local_addr.sun_path), "%s", (const char*)self->initial_socket_path);
|
||||
|
||||
const mode_t prev_mask = umask(0000);
|
||||
const int bind_res = bind(self->initial_socket_fd, (struct sockaddr*)&local_addr, sizeof(local_addr.sun_family) + strlen(local_addr.sun_path));
|
||||
|
||||
@@ -1,3 +1,7 @@
|
||||
#ifndef _GNU_SOURCE
|
||||
#define _GNU_SOURCE
|
||||
#endif
|
||||
|
||||
#include "../kms_shared.h"
|
||||
|
||||
#include <stdio.h>
|
||||
@@ -6,6 +10,7 @@
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <unistd.h>
|
||||
#include <limits.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/un.h>
|
||||
@@ -413,13 +418,79 @@ static double clock_get_monotonic_seconds(void) {
|
||||
return (double)ts.tv_sec + (double)ts.tv_nsec * 0.000000001;
|
||||
}
|
||||
|
||||
static void string_copy(char *dst, const char *src, int len) {
|
||||
int src_len = strlen(src);
|
||||
int min_len = src_len;
|
||||
if(len - 1 < min_len)
|
||||
min_len = len - 1;
|
||||
memcpy(dst, src, min_len);
|
||||
dst[min_len] = '\0';
|
||||
static bool readlink_realpath(const char *filepath, char *buffer) {
|
||||
char symlinked_path[PATH_MAX];
|
||||
ssize_t bytes_written = readlink(filepath, symlinked_path, sizeof(symlinked_path) - 1);
|
||||
if(bytes_written == -1 && errno == EINVAL) {
|
||||
/* Not a symlink */
|
||||
snprintf(symlinked_path, sizeof(symlinked_path), "%s", filepath);
|
||||
} else if(bytes_written == -1) {
|
||||
return false;
|
||||
} else {
|
||||
symlinked_path[bytes_written] = '\0';
|
||||
}
|
||||
|
||||
if(!realpath(symlinked_path, buffer))
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static void file_get_directory(char *filepath) {
|
||||
char *end = strrchr(filepath, '/');
|
||||
if(end == NULL)
|
||||
filepath[0] = '\0';
|
||||
else
|
||||
*end = '\0';
|
||||
}
|
||||
|
||||
static bool string_ends_with(const char *str, const char *ends_with) {
|
||||
const int len = strlen(str);
|
||||
const int ends_with_len = strlen(ends_with);
|
||||
return len >= ends_with_len && memcmp(str + len - ends_with_len, ends_with, ends_with_len) == 0;
|
||||
}
|
||||
|
||||
// This is not foolproof, but the assumption is that gsr-kms-server and gpu-screen-recorder are installed in the same directory
|
||||
// in a location that only the root user can write to (usually /usr/bin or /usr/local/bin) and if the client runs from that location
|
||||
// and is called gpu-screen-recorder then gsr-kms-server can only be used by a malicious program if the malicious program
|
||||
// had root access, to modify that program install directory.
|
||||
static bool is_remote_peer_program_gpu_screen_recorder(int socket_fd) {
|
||||
// TODO: Use SO_PEERPIDFD on kernel >= 6.5 to avoid a race condition in the /proc/<pid> check
|
||||
struct ucred cred;
|
||||
socklen_t ucred_len = sizeof(cred);
|
||||
if(getsockopt(socket_fd, SOL_SOCKET, SO_PEERCRED, &cred, &ucred_len) == -1) {
|
||||
fprintf(stderr, "kms server error: failed to get peer credentials, error: %s\n", strerror(errno));
|
||||
return false;
|
||||
}
|
||||
|
||||
char self_directory[PATH_MAX];
|
||||
if(!readlink_realpath("/proc/self/exe", self_directory)) {
|
||||
fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
|
||||
return false;
|
||||
}
|
||||
file_get_directory(self_directory);
|
||||
|
||||
char peer_directory[PATH_MAX];
|
||||
char peer_exe_path[PATH_MAX];
|
||||
snprintf(peer_exe_path, sizeof(peer_exe_path), "/proc/%d/exe", (int)cred.pid);
|
||||
if(!readlink_realpath(peer_exe_path, peer_directory)) {
|
||||
fprintf(stderr, "kms server error: failed to resolve /proc/self/exe\n");
|
||||
return false;
|
||||
}
|
||||
|
||||
if(!string_ends_with(peer_directory, "/gpu-screen-recorder")) {
|
||||
fprintf(stderr, "kms server error: only gpu-screen-recorder can use gsr-kms-server. client program location is %s\n", peer_directory);
|
||||
return false;
|
||||
}
|
||||
|
||||
file_get_directory(peer_directory);
|
||||
|
||||
if(strcmp(self_directory, peer_directory) != 0) {
|
||||
fprintf(stderr, "kms server error: the client program is in directory %s but only programs in %s can run gsr-kms-server\n", peer_directory, self_directory);
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
@@ -478,7 +549,7 @@ int main(int argc, char **argv) {
|
||||
while(clock_get_monotonic_seconds() - start_time < connect_timeout_sec) {
|
||||
struct sockaddr_un remote_addr = {0};
|
||||
remote_addr.sun_family = AF_UNIX;
|
||||
string_copy(remote_addr.sun_path, domain_socket_path, sizeof(remote_addr.sun_path));
|
||||
snprintf(remote_addr.sun_path, sizeof(remote_addr.sun_path), "%s", domain_socket_path);
|
||||
// TODO: Check if parent disconnected
|
||||
if(connect(socket_fd, (struct sockaddr*)&remote_addr, sizeof(remote_addr.sun_family) + strlen(remote_addr.sun_path)) == -1) {
|
||||
if(errno == ECONNREFUSED || errno == ENOENT) {
|
||||
@@ -505,6 +576,11 @@ int main(int argc, char **argv) {
|
||||
goto done;
|
||||
}
|
||||
|
||||
if(!is_remote_peer_program_gpu_screen_recorder(socket_fd)) {
|
||||
res = 3;
|
||||
goto done;
|
||||
}
|
||||
|
||||
for(;;) {
|
||||
gsr_kms_request request;
|
||||
request.version = 0;
|
||||
|
||||
Reference in New Issue
Block a user