Server : Apache System : Linux server2.corals.io 4.18.0-348.2.1.el8_5.x86_64 #1 SMP Mon Nov 15 09:17:08 EST 2021 x86_64 User : corals ( 1002) PHP Version : 7.4.33 Disable Function : exec,passthru,shell_exec,system Directory : /proc/thread-self/root/opt/rh/gcc-toolset-11/root/usr/share/systemtap/examples/general/ |
#!/opt/rh/gcc-toolset-11/root/usr/bin/stap
# badname.stp
# Prevent the creation of files with undesirable names.
# Source: http://blog.cuviper.com/2009/04/08/hacking-linux-filenames/
# return non-zero if the filename should be blocked
function filter:long (name:string)
{
return isinstr(name, "XXXbadnameXXX")
}
global squash_inode_permission
# We really want to probe may_create(). But, may_create() is now
# always inlined, and stap can't find its arguments. So, we have to
# probe may_create()'s callers.
probe kernel.{function("vfs_create"), function("vfs_mknod"),
function("vfs_mkdir"), function("vfs_symlink"),
function("vfs_link"), function("vfs_rename")}
{
# screen out the conditions which may_create will fail anyway
if (@choose_defined($dentry->d_inode, $new_dentry->d_inode)
|| @choose_defined($dir->i_flags, $new_dir->i_flags) & %{ S_DEAD %}) next
# check that the new file meets our naming rules
if (filter(kernel_string(@choose_defined($dentry->d_name->name,
$new_dentry->d_name->name))))
squash_inode_permission[tid()] = 1
}
probe kernel.function("inode_permission@fs/namei.c").return !,
kernel.function("permission@fs/namei.c").return
{
if (!$return && squash_inode_permission[tid()])
$return = -13 # -EACCES (Permission denied)
delete squash_inode_permission[tid()]
}