def main(argv=None):
"""The main function."""
(args, extras) = parseArgs(argv)
try:
verbose = False
output_html = False
if args.verbose_mode is not None:
verbose = args.verbose_mode
if args.output_html is not None:
output_html = bool(args.output_html)
if args.show_all is True:
showAlliFace(verbose, output_html)
elif args.list is True:
try:
for iface_name in get_iface_list():
print(str(iface_name))
except Exception as err:
remediation.error_breakpoint(err)
else:
interface = args.interface
print(show_iface(interface, verbose, output_html))
return 0
except Exception as main_err:
logs.log(
str("iface_check_status: REALLY BAD ERROR: ACTION will not be completed! ABORT!"
), "Error")
logs.log(str(main_err), "Error")
logs.log(str(main_err.args), "Error")
return 1
def main(argv=None):
"""The main event."""
try:
args = parseArgs(argv)
tainted_input = None
chroot_path = str(u'/tmp')
tainted_uid = os.geteuid()
tainted_gid = os.getegid()
os.umask(137)
if args.uid is not None and taint_int(args.uid):
tainted_uid = args.uid
if args.gid is not None:
tainted_gid = args.gid
if args.chroot_path is not None:
chroot_path = args.chroot_path
if args.unsafe_input is not None:
tainted_input = [utils.literal_str(x) for x in args.unsafe_input]
if args.unsafe_output is not False:
unsafe_output = unsafe_main(tainted_input, chroot_path,
tainted_uid, tainted_gid, True)
print(utils.literal_str(unsafe_output))
else:
unsafe_main(tainted_input, chroot_path, tainted_uid, tainted_gid,
False)
except Exception as mainErr:
remediation.error_breakpoint(
mainErr, str(u'MAIN FAILED DURING UNSAFE COMMAND. ABORT.'))
mainErr = None
del mainErr
return False
def unsafe_main(unsafe_input=None,
chrootpath=None,
uid=None,
gid=None,
passOutput=False):
"""
The main unsafe work.
Fork and drop privileges try to chroot. Then run unsafe input.
"""
ppid = os.getpid()
pid = os.fork()
if pid is not None and pid > ppid:
# this is the parent process... do whatever needs to be done as the parent
logs.log(
str("""OK - PiAP Launched pid {} as SANDBOXED COMMAND.""").format(
pid), "Debug")
exit(0)
else:
try:
# we are the child process... lets do that plugin thing!
if chrootpath is not None:
chworkingdir(chrootpath)
if taint_int(uid):
os.seteuid(int(uid))
if taint_int(gid):
os.setgid(int(gid))
except Exception as unsafeErr:
remediation.error_breakpoint(unsafeErr)
unsafeErr = None
del unsafeErr
os.abort()
# POSIX.1-2008 Sec. 11.2.3 - refork
tainted_pid = os.fork()
if tainted_pid is not None and tainted_pid > 0:
# this is the parent process... do whatever needs to be done as the parent
logs.log(
str("""OK - PiAP Launched pid {} as TAINTED COMMAND.""").
format(tainted_pid), "Warn")
exit(0)
else:
tainted_output = runUnsafeCommand(unsafe_input)
if (passOutput is not None and passOutput is True):
return tainted_output
return None
def chworkingdir(sandboxPath=None):
if sandboxPath is None:
sandboxPath = os.path.abspath("/tmp")
try:
if os.access(os.path.abspath(sandboxPath), os.F_OK):
if os.geteuid() > 0:
os.chdir(str(os.path.abspath(sandboxPath)))
else:
os.chroot(str(os.path.abspath(sandboxPath)))
else:
os.abort()
except OSError as badChrootErr:
remediation.error_breakpoint(badChrootErr)
badChrootErr = None
del badChrootErr
try:
os.chdir(str(os.path.abspath(sandboxPath)))
except Exception:
logs.log(str("""CRASH - PiAP aborted from sandboxing"""),
"CRITICAL")
os.abort()
return None
if args.unsafe_output is not False:
unsafe_output = unsafe_main(tainted_input, chroot_path,
tainted_uid, tainted_gid, True)
print(utils.literal_str(unsafe_output))
else:
unsafe_main(tainted_input, chroot_path, tainted_uid, tainted_gid,
False)
except Exception as mainErr:
remediation.error_breakpoint(
mainErr, str(u'MAIN FAILED DURING UNSAFE COMMAND. ABORT.'))
mainErr = None
del mainErr
return False
if __name__ in u'__main__':
try:
if (sys.argv is not None and len(sys.argv) > 1):
unsafe_pid = main(sys.argv[1:])
else:
raise Exception(
"MAIN FAILED WHEN FOUND TO BE CWE-22 UNSAFE. ABORT.")
except Exception as err:
remediation.error_breakpoint(
err, str(u'MAIN FAILED DURING UNSAFE COMMAND. ABORT.'))
err = None
del err
exit(255)
finally:
exit(0)