cmd/fpkg: call app in-process

Wrapping fortify is slow, painful and error-prone. Start apps in-process instead. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-02-26 19:46:43 +09:00
parent 45ad788c6d
commit 673b648bd3
10 changed files with 121 additions and 115 deletions
--- a/internal/app/shim/manager.go
+++ b/internal/app/shim/manager.go
@@ -52,14 +52,8 @@ func (s *Shim) Start(
 	syncFd *os.File,
 ) (*time.Time, error) {
 	// prepare user switcher invocation
-	var fsu string
-	if p, ok := internal.Path(internal.Fsu); !ok {
-		return nil, fmsg.WrapError(errors.New("bad fsu path"),
-			"invalid fsu path, this copy of fortify is not compiled correctly")
-	} else {
-		fsu = p
-	}
-	s.cmd = exec.Command(fsu)
+	fsuPath := internal.MustFsuPath()
+	s.cmd = exec.Command(fsuPath)

 	// pass shim setup pipe
 	if fd, e, err := proc.Setup(&s.cmd.ExtraFiles); err != nil {
--- a/internal/comp.go
+++ b/internal/comp.go
@@ -3,10 +3,15 @@ package internal
 const compPoison = "INVALIDINVALIDINVALIDINVALIDINVALID"

 var (
-	Version = compPoison
+	version = compPoison
 )

-// Check validates string value set at compile time.
-func Check(s string) (string, bool) {
-	return s, s != compPoison && s != ""
+// check validates string value set at compile time.
+func check(s string) (string, bool) { return s, s != compPoison && s != "" }
+
+func Version() string {
+	if v, ok := check(version); ok {
+		return v
+	}
+	return "impure"
 }
--- a/internal/path.go
+++ b/internal/path.go
@@ -1,12 +1,23 @@
 package internal

-import "path"
+import (
+	"log"
+	"path"

-var (
-	Fsu     = compPoison
-	Fortify = compPoison
+	"git.gensokyo.uk/security/fortify/internal/fmsg"
 )

-func Path(p string) (string, bool) {
-	return p, p != compPoison && p != "" && path.IsAbs(p)
+var (
+	fsu = compPoison
+)
+
+func MustFsuPath() string {
+	if name, ok := checkPath(fsu); ok {
+		return name
+	}
+	fmsg.BeforeExit()
+	log.Fatal("invalid fsu path, this program is compiled incorrectly")
+	return compPoison
 }
+
+func checkPath(p string) (string, bool) { return p, p != compPoison && p != "" && path.IsAbs(p) }
--- a/internal/sys/std.go
+++ b/internal/sys/std.go
@@ -4,7 +4,6 @@ import (
 	"errors"
 	"fmt"
 	"io/fs"
-	"log"
 	"os"
 	"os/exec"
 	"os/user"
@@ -79,32 +78,27 @@ func (s *Std) Uid(aid int) (int, error) {
 	defer func() { s.uidCopy[aid] = u }()

 	u.uid = -1
-	if fsu, ok := internal.Check(internal.Fsu); !ok {
-		fmsg.BeforeExit()
-		log.Fatal("invalid fsu path, this copy of fortify is not compiled correctly")
-		// unreachable
-		return 0, syscall.EBADE
-	} else {
-		cmd := exec.Command(fsu)
-		cmd.Path = fsu
-		cmd.Stderr = os.Stderr // pass through fatal messages
-		cmd.Env = []string{"FORTIFY_APP_ID=" + strconv.Itoa(aid)}
-		cmd.Dir = "/"
-		var (
-			p         []byte
-			exitError *exec.ExitError
-		)
+	fsuPath := internal.MustFsuPath()

-		if p, u.err = cmd.Output(); u.err == nil {
-			u.uid, u.err = strconv.Atoi(string(p))
-			if u.err != nil {
-				u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:")
-			}
-		} else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 {
-			u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case
-		} else if os.IsNotExist(u.err) {
-			u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsu))
+	cmd := exec.Command(fsuPath)
+	cmd.Path = fsuPath
+	cmd.Stderr = os.Stderr // pass through fatal messages
+	cmd.Env = []string{"FORTIFY_APP_ID=" + strconv.Itoa(aid)}
+	cmd.Dir = "/"
+	var (
+		p         []byte
+		exitError *exec.ExitError
+	)
+
+	if p, u.err = cmd.Output(); u.err == nil {
+		u.uid, u.err = strconv.Atoi(string(p))
+		if u.err != nil {
+			u.err = fmsg.WrapErrorSuffix(u.err, "cannot parse uid from fsu:")
 		}
-		return u.uid, u.err
+	} else if errors.As(u.err, &exitError) && exitError != nil && exitError.ExitCode() == 1 {
+		u.err = fmsg.WrapError(syscall.EACCES, "") // fsu prints to stderr in this case
+	} else if os.IsNotExist(u.err) {
+		u.err = fmsg.WrapError(os.ErrNotExist, fmt.Sprintf("the setuid helper is missing: %s", fsuPath))
 	}
+	return u.uid, u.err
 }