secDetector/Backport-creatfile-check-op-intent-value.patch
2023-12-09 15:58:09 +08:00


From b3108cabb7ff97f8bb8b8398842cb2e8c623664c Mon Sep 17 00:00:00 2001
From: zgzxx <zhangguangzhi3@huawei.com>
Date: Wed, 6 Dec 2023 16:13:13 +0800
Subject: creatfile check op intent value
---
observer_agent/ebpf/file_ebpf/file_fentry.bpf.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
index 7afb7e2..f4e7e44 100644
--- a/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
+++ b/observer_agent/ebpf/file_ebpf/file_fentry.bpf.c
@@ -12,6 +12,7 @@
#define S_ISREG(m) (((m) & S_IFMT) == S_IFREG)
#define O_CREAT 100
+#define LOOKUP_CREATE 0x0200
char LICENSE[] SEC("license") = "Dual BSD/GPL";
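Review bot: `LOOKUP_CREATE` is a kernel-internal lookup flag rather than a UAPI constant, so the hard-coded `0x0200` added here has to stay in step with the kernels this probe is loaded on. A comment such as `/* mirrors LOOKUP_CREATE in include/linux/namei.h; re-check when the target kernel changes */` would make that dependency visible. The neighbouring context line `#define O_CREAT 100` is decimal, whereas the generic open flag is octal `0100`; decimal 100 sets bits 4, 32 and 64, so the `open_flag` test can pass on bits other than the create bit. If that is unintended, `#define O_CREAT 0100` is the one-line fix and fits in the same backport, since the new intent test appears to compensate for it.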
@@ -107,7 +108,7 @@ int BPF_PROG(do_filp_open_exit, int dfd, struct filename *pathname, const struct
struct ebpf_event *e = NULL;
RETURN_ZERO_IF_OURSELF();
- if (op && !(op->open_flag & O_CREAT))
+ if (op && (!(op->open_flag & O_CREAT) || !(op->intent & LOOKUP_CREATE)))
return 0;
if (!S_ISREG(ret_file->f_inode->i_mode))
return 0;
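Review bot: Both conditions in the new test describe what the caller asked for, not what happened. `O_CREAT` and `LOOKUP_CREATE` are also set when the path already exists and is simply opened, so this exit probe can still report a creation for an existing regular file. If the event is meant to signal a file that was actually created, also checking the returned file would remove those false positives, e.g. `if (!(ret_file->f_mode & FMODE_CREATED)) return 0;`, with the constant defined for the target kernel. The function body starts before and continues after this hunk, so later code may already narrow this.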
--
2.33.0