Fix #342: prevent certain commands at bootstrap and shutdown

Over the years there have been multiple cases of invalid and/or unsafe uses of signals and initctl commands at bootstrap and shutdown. These cases cannot be safely supported. This commit locks down finit a bit to avoid the most common cases. If you run into this, please open a new discussion at GitHub and we'll talk about it. Maybe I've been overzealous or you have another use-case that warrants opening up some or parts of the API. Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
troglobit · Jan 10, 2023 · a39ee0b · a39ee0b
1 parent 947d91a
commit a39ee0b
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/src/api.c b/src/api.c
@@ -365,6 +365,25 @@ static void api_cb(uev_t *w, void *arg, int events)
 			break;
 		}
 
+		switch (rq.cmd) {
+		case INIT_CMD_RUNLVL:
+		case INIT_CMD_RELOAD:
+		case INIT_CMD_START_SVC:
+		case INIT_CMD_RESTART_SVC:
+		case INIT_CMD_STOP_SVC:
+		case INIT_CMD_RELOAD_SVC:
+		case INIT_CMD_REBOOT:
+		case INIT_CMD_HALT:
+		case INIT_CMD_POWEROFF:
+		case INIT_CMD_SUSPEND:
+			if (runlevel == 0 || runlevel == 6) {
+				warnx("Unsupported command in runlevel S and 6.");
+				return;
+			}
+		default:
+			break;
+		}
+
 		switch (rq.cmd) {
 		case INIT_CMD_RUNLVL:
 			switch (rq.runlevel) {

diff --git a/src/sig.c b/src/sig.c
@@ -431,6 +431,11 @@ static void sighup_cb(uev_t *w, void *arg, int events)
 		return;
 	}
 
+	if (runlevel == 0 || runlevel == 6) {
+		warnx("SIGHUP ignored in runlevel S and 6.");
+		return;
+	}
+
 	/* Restart initctl API domain socket, similar to systemd/SysV init */
 	api_exit();
 	api_init(w->ctx);
@@ -482,6 +487,11 @@ static void sigusr1_cb(uev_t *w, void *arg, int events)
 		return;
 	}
 
+	if (runlevel == 0 || runlevel == 6) {
+		warnx("SIGUSR1 ignored in runlevel S and 6.");
+		return;
+	}
+
 	/* Restart initctl API domain socket, similar to systemd/SysV init */
 	api_exit();
 	api_init(w->ctx);
@@ -498,6 +508,11 @@ static void sigusr2_cb(uev_t *w, void *arg, int events)
 		return;
 	}
 
+	if (runlevel == 0 || runlevel == 6) {
+		warnx("SIGUSR2 ignored in runlevel S and 6.");
+		return;
+	}
+
 	halt = SHUT_OFF;
 	service_runlevel(0);
 }
@@ -513,6 +528,11 @@ static void sigterm_cb(uev_t *w, void *arg, int events)
 		return;
 	}
 
+	if (runlevel == 0 || runlevel == 6) {
+		warnx("SIGTERM ignored in runlevel S and 6.");
+		return;
+	}
+
 	halt = SHUT_REBOOT;
 	service_runlevel(6);
 }