search

pymumu / jail-shell

Jail-shell is a linux security tool mainly using chroot, namespaces technologies, limiting users to perform specific commands, and access sepcific directories.
GNU General Public License v2.0
110 stars 20 forks source link

warnings after Werror removed in makefile #17

Open jaimbh opened 1 year ago

jaimbh commented 1 year ago

When i enter "make", it gives this error:

[root@devloc jail-shell]# make make -C jail-cmd all make[1]: Entering directory '/jail-shell/jail-cmd' cc -g -O2 -Werror -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o jail-cmd.o jail-cmd.c jail-cmd.c: In function ‘cmd_init’: jail-cmd.c:92:3: error: ‘strncpy’ specified bound 32 equals destination size [-Werror=stringop-truncation] strncpy(cmd->jsid, getenv(JAIL_KEY), sizeof(cmd->jsid)); ^~~~~~~~~~~~~~~ cc1: all warnings being treated as errors make[1]: [: jail-cmd.o] Error 1 make[1]: Leaving directory '/jail-shell/jail-cmd' make: [Makefile:14: JAIL_CMD] Error 2

. .

I removed -Werror from Makefile in /jail-shell/jail-cmd and then entered "make". It gave me these warnings:

[root@devloc jail-shell]# make make -C jail-cmd all make[1]: Entering directory '/jail-shell/jail-cmd' cc -g -O2 -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o jail-cmd.o jail-cmd.c jail-cmd.c: In function ‘cmd_init’: jail-cmd.c:92:3: warning: ‘strncpy’ specified bound 32 equals destination size [-Wstringop-truncation] strncpy(cmd->jsid, getenv(JAIL_KEY), sizeof(cmd->jsid)); ^~~~~~~~~~~~~~~ cc -g -O2 -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o jail-common.o jail-common.c cc -g -O2 -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing jail-cmd.o jail-common.o -o jail-cmd cc -g -O2 -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o jail-cmdd.o jail-cmdd.c jail-cmdd.c: In function ‘run_process’: jail-cmdd.c:354:37: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4066 [-Wformat-truncation=] snprintf(cmd_path, PATH_MAX, "%s/%s%s", COMMAND_ROOT_PATH, jail_name, cmd_name); ^~ ~~~~ jail-cmdd.c:354:2: note: ‘snprintf’ output 31 or more bytes (assuming 4126) into a destination of size 4096 snprintf(cmd_path, PATH_MAX, "%s/%s%s", COMMAND_ROOT_PATH, jail_name, cmd_name); ^~~~~~~~~~~~~~~~~~~ cc -g -O2 -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing jail-cmdd.o jail-common.o -o jail-cmdd -lutil make[1]: Leaving directory '/jail-shell/jail-cmd' make -C pam_jail_shell all make[1]: Entering directory '/jail-shell/pam_jail_shell' cc -g -O2 -fPIC -Wall -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o pam_jail_shell.o pam_jail_shell.c pam_jail_shell.c: In function ‘run_jail_post_script.part.1’: pam_jail_shell.c:934:38: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4053 [-Wformat-truncation=] snprintf(post_cmd, PATH_MAX, "%s %s %s/%s", LOGIN_POST_SCRIPT, user, jail_home, info->jail); ^~ ~~~~~ pam_jail_shell.c:934:2: note: ‘snprintf’ output 45 or more bytes (assuming 5163) into a destination of size 4096 snprintf(post_cmd, PATH_MAX, "%s %s %s/%s", LOGIN_POST_SCRIPT, user, jail_home, info->jail); ^~~~~~~~~~~~~~~~~~~ pam_jail_shell.c: In function ‘do_mount’: pam_jail_shell.c:445:36: warning: ‘/ptmx’ directive output may be truncated writing 5 bytes into a region of size between 1 and 4096 [-Wformat-truncation=] snprintf(check_file, PATH_MAX, "%s/ptmx", pts_path); ^~~~~ pam_jail_shell.c:445:2: note: ‘snprintf’ output between 6 and 4101 bytes into a destination of size 4096 snprintf(check_file, PATH_MAX, "%s/ptmx", pts_path); ^~~~~~~~~~~ pam_jail_shell.c:486:52: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4077 [-Wformat-truncation=] snprintf(mount_cmd, PATH_MAX, "mount -t proc proc %s -o nosuid,noexec,nodev,ro", proc_path); ^~ ~~~~~ pam_jail_shell.c:486:2: note: ‘snprintf’ output between 46 and 4141 bytes into a destination of size 4096 snprintf(mount_cmd, PATH_MAX, "mount -t proc proc %s -o nosuid,noexec,nodev,ro", proc_path); ^~~~~~~~~~~~~~~~~~~ pam_jail_shell.c:493:56: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4073 [-Wformat-truncation=] snprintf(mount_cmd, PATH_MAX, "mount -t devpts devpts %s -o nosuid,noexec", pts_path); ^~ ~~~~ pam_jail_shell.c:493:2: note: ‘snprintf’ output between 41 and 4136 bytes into a destination of size 4096 snprintf(mount_cmd, PATH_MAX, "mount -t devpts devpts %s -o nosuid,noexec", pts_path); ^~~~~~~~~~~~~~~~~~~~~ pam_jail_shell.c: In function ‘set_jsid_env’: pam_jail_shell.c:836:43: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 27 [-Wformat-truncation=] snprintf(jsid_env, TMP_BUFF_LEN_32, "%s=%s", JAIL_KEY, buff); ^~ ~~~~ pam_jail_shell.c:836:3: note: ‘snprintf’ output between 6 and 4101 bytes into a destination of size 32 snprintf(jsid_env, TMP_BUFF_LEN_32, "%s=%s", JAIL_KEY, buff); ^~~~~~~~~~~~~~~~ pam_jail_shell.c: In function ‘start_jail’: pam_jail_shell.c:991:40: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size between 0 and 4095 [-Wformat-truncation=] snprintf(jail_path, MAX_LINE_LEN, "%s/%s", jail_home, info->jail); ^~ pam_jail_shell.c:991:2: note: ‘snprintf’ output between 2 and 5120 bytes into a destination of size 4096 snprintf(jail_path, MAX_LINE_LEN, "%s/%s", jail_home, info->jail); ^~~~~~~~~~~~~~~~~ pam_jail_shell.c:962:2: warning: ‘strncpy’ specified bound 4096 equals destination size [-Wstringop-truncation] strncpy(user, user_pam, MAX_LINE_LEN); ^~~~~~~~~ cc -g -O2 -fPIC -Wall -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing pam_jail_shell.o -shared -o pam_jail_shell.so cc -g -O2 -fPIC -Wall -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing -c -o jail_init.o jail_init.c jail_init.c: In function ‘main’: jail_init.c:138:4: warning: ‘strncpy’ specified bound 4096 equals destination size [-Wstringop-truncation] strncpy(user, optarg, MAX_LINE_LEN); ^~~~~~~~~~~ cc -g -O2 -fPIC -Wall -Wall -Wstrict-prototypes -fno-omit-frame-pointer -Wstrict-aliasing jail_init.o -o jail-init make[1]: Leaving directory '/jail-shell/pam_jail_shell'

. .

Removing -Werror from Makefile gets the job done but I don't think it is a good practice to ignore all these warnings. Can you fix these?

pymumu commented 1 year ago

Fixed

jaimbh commented 1 year ago

root@host:~# du -sh /var/local/jail-shell/jails/* 254M /var/local/jail-shell/jails/user1-jail 14M /var/local/jail-shell/jails/user2-jail 14M /var/local/jail-shell/jails/user3-jail 14M /var/local/jail-shell/jails/user4-jail

I was wondering why the size of the first user's jail is always larger while the sizes of the other users' jails are much lesser and similar. The jail conf for all the jails were similar. I noticed this same thing in 5 OS:- ubuntu18 and 20, almalinux 8 and centos 7and 8. I jailed multiple users as root. The first jail is always above 200 mb whereas all the below jails are around 10 mb. I am just trying to understand why it is like that for my knowledge. Can you help with the explanation?

pymumu commented 1 year ago

du -lh /var/local/jail-shell/jails/user1-jail