Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-11-27 09:30:43 -05:00
Code Issues Projects Releases Packages Wiki Activity

Implement paranoid mode in emerg-shutdown

Browse source
This commit is contained in:
Aaron Rainbolt 2025-08-06 19:33:38 -05:00
parent 29480df770
commit 0c1af00aae
No known key found for this signature in database
GPG key ID: A709160D73C79109
1 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
usr/src/security-misc/emerg-shutdown.c
View file

@ -298,6 +298,10 @@ void print_usage() {
print(fd_stderr, " pressed at the same time, an emergency shutdown will occur.\n"); print(fd_stderr, " pressed at the same time, an emergency shutdown will occur.\n");
print(fd_stderr, " Keys separated with a pipe will be treated as aliases of each\n"); print(fd_stderr, " Keys separated with a pipe will be treated as aliases of each\n");
print(fd_stderr, " other.\n"); print(fd_stderr, " other.\n");
print(fd_stderr, " --paranoid\n");
print(fd_stderr, " Watches for the removal of any removable device whatsoever. An\n");
print(fd_stderr, " emergency shutdown will be triggered if any device is removed.\n");
print(fd_stderr, " Cannot be combined with --devices.\n");
print(fd_stderr, " --instant-shutdown\n"); print(fd_stderr, " --instant-shutdown\n");
print(fd_stderr, " Immediately triggers an emergency shutdown. Cannot be combined\n"); print(fd_stderr, " Immediately triggers an emergency shutdown. Cannot be combined\n");
print(fd_stderr, " with other options.\n"); print(fd_stderr, " with other options.\n");
@ -474,6 +478,7 @@ void hw_monitor(int argc, char **argv) {
char input_path_buf[input_path_size]; char input_path_buf[input_path_size];
struct pollfd *pollfd_list = NULL; struct pollfd *pollfd_list = NULL;
struct input_event ie_buf[64]; struct input_event ie_buf[64];
bool paranoid_mode = false;
/* Index variables */ /* Index variables */
int arg_idx = 0; int arg_idx = 0;
@ -493,6 +498,8 @@ void hw_monitor(int argc, char **argv) {
exit(1); exit(1);
} }
load_list(argv[arg_idx], &target_dev_list_len, &target_dev_name_raw_list, ",", true); load_list(argv[arg_idx], &target_dev_list_len, &target_dev_name_raw_list, ",", true);
} else if (strcmp(argv[arg_idx], "--paranoid") == 0) {
paranoid_mode = true;
} else if (strncmp(argv[arg_idx], "--keys=", strlen("--keys=")) == 0) { } else if (strncmp(argv[arg_idx], "--keys=", strlen("--keys=")) == 0) {
if (panic_key_str_list != NULL) { if (panic_key_str_list != NULL) {
print(fd_stderr, "--keys cannot be passed more than once!\n"); print(fd_stderr, "--keys cannot be passed more than once!\n");
@ -508,6 +515,11 @@ void hw_monitor(int argc, char **argv) {
exit(1); exit(1);
} }
} }
if (target_dev_name_raw_list != NULL && paranoid_mode) {
print(fd_stderr, "--devices and --paranoid are mutually exclusive!\n");
print_usage();
exit(1);
}
console_fd = open("/dev/console", O_RDWR); console_fd = open("/dev/console", O_RDWR);
if (console_fd == -1) { if (console_fd == -1) {
@ -844,6 +856,11 @@ void hw_monitor(int argc, char **argv) {
goto next_str; goto next_str;
} }
if (paranoid_mode) {
/* Something was removed, we don't care what, shut down now */
kill_system();
}
for (tdl_idx = 0; tdl_idx < target_dev_list_len; tdl_idx++) { for (tdl_idx = 0; tdl_idx < target_dev_list_len; tdl_idx++) {
if (strcmp(rem_dev_name, target_dev_list[tdl_idx]) == 0) { if (strcmp(rem_dev_name, target_dev_list[tdl_idx]) == 0) {
kill_system(); kill_system();