
[PATCH] Incorrect matches when checking for listening daemons during ezjail-admin create

Hello list,

The new ezjail-admin create code which checks for daemons
listening on all IP addresses (*:something) sometimes matches
incorrectly because of an error in the regular expression.

The error happens when the list of pids to check is created and
transformed into a greppable expression in the form
(123)|(456)|(789) where each number is a pid in a jail sharing IP
with the new jail, or in the base system. The grep -E expression
used to sort through the output of "sockstat -46l" is padded
with a space at each end, like so:
   grep -E -e " (123)|(456)|(789) "
but these spaces are not parsed the way the author intends.

The base system always has a [kernel] process with pid 0,
which results in a grep match when something in a jail is
listening on a port ending with 0, like port 80. Observe:

Incorrect matches with current regexp:
$ sockstat -46l | grep -E -e "\*:[[:digit:]]" | grep -E -e " (123)|(456)|(789)|(0) "
www      nginx      91103 25 tcp6   *:80                  *:*
root     nginx      91102 25 tcp6   *:80                  *:*

No matches with the fixed regexp:
$ sockstat -46l | grep -E -e "\*:[[:digit:]]" | grep -E -e "( 123 )|( 456 )|( 789 )|( 0 )"

I hope the example explains what I mean. The patch included
below fixes the problem for me.

Best regards

Thomas Steen Rasmussen

$ diff -u /usr/local/bin/ezjail-admin.orig /usr/local/bin/ezjail-admin
--- /usr/local/bin/ezjail-admin.orig    2012-01-14 19:36:20.986011645 +0100
+++ /usr/local/bin/ezjail-admin 2012-01-14 19:35:55.672890495 +0100
@@ -727,9 +727,9 @@
     # Fetch all corresponding process ids for all matching jail
     jail_pids=`pgrep $jail_ids`
     # expand pids to form a greppable expression
-    jail_grep=`echo $jail_pids | sed -E -e"s/ /)|(/g" -e"s/^/(/"
+    jail_grep=`echo $jail_pids | sed -E -e"s/ / )|( /g" -e"s/^/( /"
-e"s/$/ )/"`
-    ezjail_listener=`sockstat -46l | grep -E -e "\*:[[:digit:]]" | grep
-E -e " ${jail_grep} "`
+    ezjail_listener=`sockstat -46l | grep -E -e "\*:[[:digit:]]" | grep
-E -e "${jail_grep}"`
     [ $? -eq 0 ] && echo -e "Warning: Some services already seem to be
listening on all IP, (including ${ezjail_ip})\n  This may cause some
confusion, here they are:\n${ezjail_listener}"
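
Review bot: The space-padded alternatives built on the new jail_grep line ("( 123 )|( 456 )...") are still matched against the whole sockstat row, so a pid that happens to equal the value of another space-separated column, such as the FD value 25 in the sample rows quoted earlier in this message, would still trigger the warning. Comparing only the PID column (for example with awk on the third field) would remove that class of false match. Separately, if pgrep returns nothing, the three sed expressions produce "(  )", which matches any row containing two consecutive spaces; checking that $jail_pids is non-empty before building the expression would avoid a spurious warning in that case.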
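
The alternation-precedence problem described in the message above, as an added example that is not part of the original post or of ezjail. It goes beyond the pid 0 case: the sockstat-style rows and the pid list are constructed, the old pattern is rebuilt from the message's description, and match_pid_field is a hypothetical field-exact alternative that assumes the PID is the third column.

```sh
#!/bin/sh
# Constructed sockstat-style rows: USER COMMAND PID FD PROTO LOCAL FOREIGN
sample='www      nginx      91103 25  tcp6   *:80                  *:*
root     sshd       14567 3   tcp4   *:22                  *:*
root     syslogd    1234  6   udp4   *:514                 *:*
root     ntpd       456   20  udp4   *:123                 *:*
bind     named      999   123 udp4   *:53                  *:*'

pids='123 456 789 0'   # constructed pid list; 0 stands for [kernel]

# Pattern as described for the unpatched code: the outer spaces attach only
# to the first and last alternative: " (123)" | "(456)" | "(789)" | "(0) ".
old_pattern() {
    printf ' %s ' "$(echo "$1" | sed -E -e 's/ /)|(/g' -e 's/^/(/' -e 's/$/)/')"
}

# Pattern as built by the patch: each alternative carries its own spaces.
new_pattern() {
    echo "$1" | sed -E -e 's/ / )|( /g' -e 's/^/( /' -e 's/$/ )/'
}

# Count rows of $2 matching extended regexp $1 (grep -c prints 0 on no match).
count() {
    printf '%s\n' "$2" | grep -c -E -e "$1" || true
}

# Hypothetical field-exact check: print rows whose third column is a listed pid.
match_pid_field() {
    printf '%s\n' "$2" | awk -v pids="$1" '
        BEGIN { n = split(pids, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        ($3 in want)'
}

# Only the ntpd row (pid 456) is a true match.
# old: "0 " hits "*:80 ", "456" hits pid 14567, " 123" hits pid 1234 and FD 123.
# new: only the space-delimited FD value 123 is still a false match.
echo "old pattern rows:   $(count "$(old_pattern "$pids")" "$sample")"
echo "new pattern rows:   $(count "$(new_pattern "$pids")" "$sample")"
echo "field-exact rows:   $(match_pid_field "$pids" "$sample" | grep -c .)"
```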