From 8bb323d4aa52b9559229ea0037904aa08265a972 Mon Sep 17 00:00:00 2001 From: Ryan Butler Date: Mon, 30 Sep 2024 18:10:07 -0400 Subject: [PATCH] slot-ctrl: remove two lines of unsafe --- Cargo.lock | 35 +++++++++++++++++---------------- Cargo.toml | 3 ++- orb-slot-ctrl/Cargo.toml | 7 +++++++ orb-slot-ctrl/src/efivar/mod.rs | 3 ++- orb-slot-ctrl/src/main.rs | 6 +++--- 5 files changed, 32 insertions(+), 22 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 39374cec..a353f33f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -366,7 +366,7 @@ dependencies = [ "futures-lite 2.2.0", "parking", "polling 3.3.2", - "rustix 0.38.30", + "rustix 0.38.37", "slab", "tracing", "windows-sys 0.52.0", @@ -414,7 +414,7 @@ dependencies = [ "cfg-if", "event-listener 3.1.0", "futures-lite 1.13.0", - "rustix 0.38.30", + "rustix 0.38.37", "windows-sys 0.48.0", ] @@ -433,7 +433,7 @@ dependencies = [ "cfg-if", "event-listener 5.3.1", "futures-lite 2.2.0", - "rustix 0.38.30", + "rustix 0.38.37", "tracing", ] @@ -460,7 +460,7 @@ dependencies = [ "cfg-if", "futures-core", "futures-io", - "rustix 0.38.30", + "rustix 0.38.37", "signal-hook-registry", "slab", "windows-sys 0.48.0", @@ -3446,9 +3446,9 @@ checksum = "ef53942eb7bf7ff43a617b3e2c1c4a5ecf5944a7c1bc12d7ee39bbb15e5c1519" [[package]] name = "linux-raw-sys" -version = "0.4.13" +version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "01cda141df6706de531b6c46c3a33ecca755538219bd484262fa09410c13539c" +checksum = "78b3ae25bc7c8c38cec158d1f2757ee79e9b3740fbc7ccf0e59e4b08d793fa89" [[package]] name = "listenfd" @@ -3939,7 +3939,7 @@ dependencies = [ "libc", "log", "once_cell", - "rustix 0.38.30", + "rustix 0.38.37", "slab", "windows-sys 0.48.0", ] @@ -4078,7 +4078,7 @@ version = "0.2.9" dependencies = [ "color-eyre", "data-encoding", - "event-listener 4.0.3", + "event-listener 5.3.1", "eyre", "futures", "orb-attest-dbus", @@ -4289,6 +4289,7 @@ dependencies = [ "eyre", "libc", "orb-build-info", + "rustix 0.38.37", "thiserror", ] @@ -4656,7 +4657,7 @@ dependencies = [ "cfg-if", "concurrent-queue", "pin-project-lite", - "rustix 0.38.30", + "rustix 0.38.37", "tracing", "windows-sys 0.52.0", ] @@ -5032,7 +5033,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "767be24c0da52e7448d495b8d162506a9aa125426651d547d545d6c2b4b65b62" dependencies = [ "cfg-if", - "rustix 0.38.30", + "rustix 0.38.37", "windows 0.52.0", ] @@ -5246,14 +5247,14 @@ dependencies = [ [[package]] name = "rustix" -version = "0.38.30" +version = "0.38.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "322394588aaf33c24007e8bb3238ee3e4c5c09c084ab32bc73890b99ff326bca" +checksum = "8acb788b847c24f28525660c4d7758620a7210875711f79e7f663cc152726811" dependencies = [ "bitflags 2.4.2", "errno", "libc", - "linux-raw-sys 0.4.13", + "linux-raw-sys 0.4.14", "windows-sys 0.52.0", ] @@ -6010,7 +6011,7 @@ dependencies = [ "cfg-if", "fastrand 2.0.1", "redox_syscall", - "rustix 0.38.30", + "rustix 0.38.37", "windows-sys 0.52.0", ] @@ -6818,7 +6819,7 @@ dependencies = [ "either", "home", "once_cell", - "rustix 0.38.30", + "rustix 0.38.37", ] [[package]] @@ -7117,8 +7118,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8da84f1a25939b27f6820d92aed108f83ff920fdf11a7b19366c27c4cda81d4f" dependencies = [ "libc", - "linux-raw-sys 0.4.13", - "rustix 0.38.30", + "linux-raw-sys 0.4.14", + "rustix 0.38.37", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index b670bd4e..6c335097 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -49,11 +49,13 @@ console-subscriber = "0.2" data-encoding = "2.3" derive_more = { version = "0.99", default-features = false, features = ["display", "from"] } eyre = "0.6.12" +ftdi-embedded-hal = { version = "0.22.0", features = ["libftd2xx", "libftd2xx-static"] } futures = "0.3.30" libc = "0.2.153" nix = { version = "0.28", default-features = false, features = [] } reqwest = { version = "0.11", default-features = false, features = ["rustls-tls", "stream"] } ring = "0.16" +rustix = "0.38.37" secrecy = "0.8" serde = { version = "1.0.197", features = ["derive"] } serde_json = "1" @@ -67,7 +69,6 @@ tracing = "0.1" tracing-journald = "0.3.0" tracing-subscriber = { version = "0.3", features = ["env-filter"] } zbus = { version = "4.4.0", default-features = false, features = ["tokio"] } -ftdi-embedded-hal = { version = "0.22.0", features = ["libftd2xx", "libftd2xx-static"] } zbus_systemd = "0.25600.0" can-rs.path = "can" diff --git a/orb-slot-ctrl/Cargo.toml b/orb-slot-ctrl/Cargo.toml index 1d30b7ea..1d6b009e 100644 --- a/orb-slot-ctrl/Cargo.toml +++ b/orb-slot-ctrl/Cargo.toml @@ -19,6 +19,13 @@ libc.workspace = true orb-build-info.path = "../build-info" thiserror.workspace = true +[dependencies.rustix] +workspace = true +features = [ + "fs", + "process", +] + [build-dependencies] orb-build-info = { path = "../build-info", features = ["build-script"] } diff --git a/orb-slot-ctrl/src/efivar/mod.rs b/orb-slot-ctrl/src/efivar/mod.rs index b1aaf40f..f81207ef 100644 --- a/orb-slot-ctrl/src/efivar/mod.rs +++ b/orb-slot-ctrl/src/efivar/mod.rs @@ -8,6 +8,7 @@ //! [efivar Documentation](https://www.kernel.org/doc/html/latest/filesystems/efivarfs.html) use std::{ + ffi::c_int, fs::File, io::{Read, Write}, path::{Path, PathBuf}, @@ -79,7 +80,7 @@ impl EfiVar { let file_read = File::open(&self.path).map_err(|e| Error::open_file(&self.path, e))?; - let original_attributes: libc::c_int = + let original_attributes: c_int = ioctl::read_file_attributes(&file_read).map_err(Error::GetAttributes)?; // Make file mutable. diff --git a/orb-slot-ctrl/src/main.rs b/orb-slot-ctrl/src/main.rs index bbba3e7b..728f0101 100644 --- a/orb-slot-ctrl/src/main.rs +++ b/orb-slot-ctrl/src/main.rs @@ -63,9 +63,9 @@ enum StatusCommands { } fn check_running_as_root(error: orb_slot_ctrl::Error) { - let uid = unsafe { libc::getuid() }; - let euid = unsafe { libc::geteuid() }; - if !matches!((uid, euid), (0, 0)) { + let uid = rustix::process::getuid(); + let euid = rustix::process::geteuid(); + if !(uid.is_root() && euid.is_root()) { println!("Please try again as root user."); exit(1) }