Gecko [ apartmentfairs.com ]

Name	Size	Permission
032609e5fedd9ca1d6fa9da8bd8f4e...	11.66 KB	-rwxr-xr-x
062ba73df4095cb7b74900ab43b75d...	20.62 KB	-rwxr-xr-x
13059e7687ca5f9cb5e13f7af680c4...	49.29 KB	-rwxr-xr-x
2fa98a4e1c9808012407de77520671...	35.04 KB	-rwxr-xr-x
3ac1fe439d18ac520bee69e253eca3...	32.45 KB	-rwxr-xr-x
5ed029daa0a34b894a7cf3435b226f...	37.33 KB	-rwxr-xr-x
6179083404965764c42b6217a5925e...	23.81 KB	-rwxr-xr-x
6809c05ea1ee2fa7ce9ca096e68bd8...	28.01 KB	-rwxr-xr-x
76369994d2bb33aaf741dbab2c0249...	11.94 KB	-rwxr-xr-x
76c881bc5e7933823d296a0a9f41d1...	5.22 MB	-rwxr-xr-x
9789db4dc676f1e084436739dbaaac...	19.77 KB	-rwxr-xr-x
9be54a54de6e7716b4a6a857a898d9...	32.61 KB	-rwxr-xr-x
a1972ca0fa7c90e7d77926fd59252b...	73.04 KB	-rwxr-xr-x
a6572fa7e093a5b55bd51846c3ad04...	11.73 KB	-rwxr-xr-x
c7903fd1ae5f32424cbaeee1f0766e...	11.88 KB	-rwxr-xr-x
c822673183f336bcf1e5f3fd90ce54...	44.1 KB	-rwxr-xr-x
ca894a3192461d7a8dab2f8c753c5a...	470.48 KB	-rwxr-xr-x
cc5f91672435c33c0a92d7167604c4...	405.98 KB	-rwxr-xr-x
cd395887046394d27691526f11a86b...	12.57 KB	-rwxr-xr-x
d23d5ee13c810155e87c0306a421bd...	259.8 KB	-rwxr-xr-x
d3ddc0b9bcdb1fac93db9a1d471ed5...	11.78 KB	-rwxr-xr-x
ef2ea0fb43a23d2a2b2289cce13a90...	11.68 KB	-rwxr-xr-x
f0ca413aa1975d628f879a718852c3...	351.37 KB	-rwxr-xr-x
f5ed711d4f771cfca2a5b3f43abb4f...	28.37 KB	-rwxr-xr-x
ff1836963f49a0af62b792be23b67a...	4.42 KB	-rwxr-xr-x

Code Editor : ff1836963f49a0af62b792be23b67a6cf161a9

#!/bin/bash
##CageFS proxyexec wrapper - ver 18

if [[ $EUID -eq 0 ]]; then
    echo 'Cannot be run as root'
    exit 1
fi

USR=`/usr/bin/whoami`
USER_TOKEN_PATH="/var/.cagefs/.cagefs.token"
WEBSITE_ISOLATION_FLAG="/opt/cloudlinux/flags/enabled-flags.d/website-isolation.flag"
# Trust boundary for the website-isolation token path: it must point
# directly at the regular file that create_website_token_directory()
# creates inside its root-owned per-user storage area. That area is
# /var/cagefs/<prefix>/<user>/.cagefs/website/... on the host and is
# bind-mounted into the cage at /var/.cagefs/website/... — both views
# are accepted because libenter.enter_site() picks one or the other
# depending on whether it runs inside or outside the cage. The file
# itself is never a symlink, so we reject symlinks outright rather
# than canonicalizing with realpath. Without this gate the attacker
# controls both the env var WEBSITE_TOKEN_PATH and the file contents
# at that path; the file contents land in $TOKEN, which is embedded
# into the ssh remote command argv below and re-parsed by the remote
# shell — so shell metacharacters in the file would execute on the
# origin host. (Slite #7 / CLOS-4490)
if [[ -f "$WEBSITE_ISOLATION_FLAG" && -n "$WEBSITE_TOKEN_PATH" ]]; then
    if [[ -L "$WEBSITE_TOKEN_PATH" ]]; then
        echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not be a symlink" >&2
        exit 1
    fi
    if [[ ! -f "$WEBSITE_TOKEN_PATH" ]]; then
        echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' is not an existing regular file" >&2
        exit 1
    fi
    # Reject `..` as a path component so the prefix check below cannot
    # be bypassed via traversal (e.g. /var/cagefs/../etc/passwd matches
    # the /var/cagefs/* glob but resolves outside the trusted area).
    case "$WEBSITE_TOKEN_PATH" in
        */../*|*/..)
            echo "cagefs.proxy: WEBSITE_TOKEN_PATH '$WEBSITE_TOKEN_PATH' must not contain '..' path components" >&2
            exit 1
            ;;
    esac
    case "$WEBSITE_TOKEN_PATH" in
        /var/cagefs/*|/var/.cagefs/*) ;;
        *)
            echo "cagefs.proxy: WEBSITE_TOKEN_PATH must be under /var/cagefs/ or /var/.cagefs/ (got '$WEBSITE_TOKEN_PATH')" >&2
            exit 1
            ;;
    esac
    USER_TOKEN_PATH="$WEBSITE_TOKEN_PATH"
fi
# The -L/-f/prefix gate above is defense-in-depth, TOCTOU is not exploitable because the
# forwarded $TOKEN must still equal the legit on-disk bytes that the
# origin's cagefs.server reads with open(..., O_NOFOLLOW) from a
# uid-derived path (see find_website_by_token() in
# proxyexec/cagefs.server.c) — a swapped symlink redirects what we
# cat, never what the server reads, so a TOCTOU substitution can only
# replace the forwarded bytes with something that fails the server's
# constant-time comparison.
TOKEN=`/bin/cat ${USER_TOKEN_PATH}`
# Tokens are generated as fixed-length alphanumerics by
# _generate_password() in py/clcagefslib/webisolation/jail_utils.py and
# by the corresponding C helper. Any non-alphanumeric byte means the
# token file was tampered with — refuse to forward it into the ssh
# remote command, where the remote shell would re-parse metacharacters.
# Use POSIX `case` rather than `[[ =~ ]]` because the wrapper is also
# invoked through `sh` (e.g. jenkins_tests/rpm_tests/p_cagefs/
# 939-environment_var-check.sh), and dash treats `[[` as a missing
# command — the regex form would falsely trip and exit the script.
case "$TOKEN" in
    "" | *[!A-Za-z0-9]*)
        echo "cagefs.proxy: refusing to forward malformed token from $USER_TOKEN_PATH" >&2
        exit 1
        ;;
esac
# It's user's tmp directory and write to it is secure procedure
# because this script is running only under usual user
PIDFILE="/tmp/.cagefs.proxy.$$"
USER_INTERRUPT=13
CWD=`pwd`

ctrl_c_handler() {
    if [[ -f "$PIDFILE" ]]; then
        pid=`/bin/cat $PIDFILE`
        /bin/rm -f $PIDFILE > /dev/null 2>&1
        /bin/kill -s SIGINT "$pid" > /dev/null 2>&1
    fi
    exit $USER_INTERRUPT
}

if [[ -e /var/.cagefs/origin ]]; then
    ORIGIN=`/bin/cat /var/.cagefs/origin`
    REMOTE="/usr/bin/ssh -F /etc/ssh/cagefs-rexec_config $USR@$ORIGIN"
    $REMOTE CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" USERDOMAINS $$ "$@"
    RETVAL=$?
else
    trap 'ctrl_c_handler' 2
    CAGEFS_TOKEN="$TOKEN" /usr/sbin/proxyexec -c cagefs.sock "$USR" "$CWD" USERDOMAINS $$ "$@"
    RETVAL=$?
    /bin/rm -f $PIDFILE > /dev/null 2>&1
fi

exit $RETVAL

${this.title}

Code Editor : ff1836963f49a0af62b792be23b67a6cf161a9