
clamd: add new option ClamukoExcludeUID (bb#2260)

Tomasz Kojm authored on 2011/03/01 05:49:11
Showing 8 changed files
... ...
@@ -1,3 +1,8 @@
1
+Mon Feb 28 21:46:50 CET 2011 (tk)
2
+---------------------------------
3
+ * clamd: add new option ClamukoExcludeUID (bb#2260)
4
+	  Based on idea from alfred*bokxing.nl
5
+
1 6
 Fri Feb 25 14:49:04 CET 2011 (tk)
2 7
 ---------------------------------
3 8
  * libclamav/elf.c: fix incorrect detection of Broken.Executable (bb#2580)
... ...
@@ -185,6 +185,11 @@ static void *clamukolegacyth(void *arg)
185 185
 		}
186 186
 	    }
187 187
 
188
+	    if(clamuko_checkowner(acc->pid, tharg->opts)) {
189
+		scan = 0;
190
+		logg("*Clamuko: %s skipped (excluded UID)\n", acc->filename);
191
+	    }
192
+
188 193
 	    context.filename = acc->filename;
189 194
 	    context.virsize = 0;
190 195
 	    if(scan && cl_scanfile_callback(acc->filename, &virname, NULL, tharg->engine, tharg->options, &context) == CL_VIRUS) {
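Review bot: The skip message in the added block is logged with the `*` prefix, which I believe logg() only emits when verbose logging is enabled, so in a default configuration an access that bypasses scanning because of ClamukoExcludeUID leaves no trace. Since this line is the only record that on-access scanning was not applied, consider recording the pid as well, e.g. `logg("*Clamuko: %s skipped (excluded UID, pid %d)\n", acc->filename, acc->pid);`, and documenting that LogVerbose is needed to see it. The check also runs `stat()` on every event even when `scan` is already 0 from the earlier tests; `if(scan && clamuko_checkowner(acc->pid, tharg->opts)) {` avoids that. The same points apply to the matching block added to clamuko_scanth. clamukolegacyth starts and ends outside this hunk.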
... ...
@@ -153,6 +153,12 @@ static void *clamuko_scanth(void *arg)
153 153
 	    }
154 154
 	}
155 155
 
156
+	if(clamuko_checkowner(acc.pid, tharg->opts)) {
157
+	    dazukofs_get_filename(&acc, filename, sizeof(filename));
158
+	    logg("*Clamuko: %s skipped (excluded UID)\n", filename);
159
+	    skip_scan = 1;
160
+	}
161
+
156 162
 	context.filename = NULL;
157 163
 	context.virsize = 0;
158 164
 	if(skip_scan) {
... ...
@@ -722,3 +722,25 @@ void detstats_print(int desc, char term)
722 722
 	mdprintf(desc, "%u:%s:%u:%s:%s%c", detstats_data[i].time, detstats_data[i].md5, detstats_data[i].fsize, detstats_data[i].virname, detstats_data[i].fname, term);
723 723
     pthread_mutex_unlock(&detstats_lock);
724 724
 }
725
+
726
+#ifdef CLAMUKO
727
+int clamuko_checkowner(int pid, const struct optstruct *opts)
728
+{
729
+	char path[32];
730
+	struct stat sb;
731
+	const struct optstruct *opt;
732
+
733
+    if(!(opt = optget(opts, "ClamukoExcludeUID"))->enabled)
734
+	return 0;
735
+
736
+    snprintf(path, sizeof(path), "/proc/%u", pid);
737
+    if(stat(path, &sb) == 0) {
738
+	while(opt) {
739
+	    if(opt->numarg == (long long) sb.st_uid)
740
+		return 1;
741
+	    opt = opt->nextarg;
742
+	}
743
+    }
744
+    return 0;
745
+}
746
+#endif
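Review bot: `pid` is declared `int` but is formatted with `%u` in the `snprintf` call, and the new function has no comment saying what its return value means or where the UID comes from. `snprintf(path, sizeof(path), "/proc/%d", pid);` matches the argument type. I would add a short header comment stating that it returns 1 when the owner of `/proc/<pid>` equals one of the configured ClamukoExcludeUID values and 0 otherwise, that a failed `stat()` (no procfs, process already gone) returns 0 so the file is still scanned, and that the owner is read when the function runs rather than when the file was accessed. On Linux that owner is, as far as I know, the effective UID of the process, which is worth stating because the option text only says "UIDs".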
... ...
@@ -86,4 +86,8 @@ void detstats_clear(void);
86 86
 void detstats_add(const char *virname, const char *fname, unsigned int fsize, const char *md5);
87 87
 void detstats_print(int desc, char term);
88 88
 
89
+#ifdef CLAMUKO
90
+int clamuko_checkowner(int pid, const struct optstruct *opts);
91
+#endif
92
+
89 93
 #endif
... ...
@@ -466,6 +466,10 @@ Default: no
466 466
 Set the exclude paths. All subdirectories will also be excluded.
467 467
 .br 
468 468
 Default: no
469
+\fBClamukoExcludeUID NUMBER\fR
470
+With this option you can whitelist specific UIDs. Processes with these UIDs will be able to access all files. This option can be used multiple times (one per line).
471
+.br 
472
+Default: no
469 473
 .TP 
470 474
 \fBClamukoMaxFileSize SIZE\fR
471 475
 Ignore files larger than SIZE.
... ...
@@ -458,6 +458,12 @@ Example
458 458
 # Default: disabled
459 459
 #ClamukoExcludePath /home/bofh
460 460
 
461
+# With this option you can whitelist specific UIDs. Processes with these UIDs
462
+# will be able to access all files.
463
+# This option can be used multiple times (one per line).
464
+# Default: disabled
465
+#ClamukoExcludeUID 0
466
+
461 467
 # With this option enabled ClamAV will load bytecode from the database. 
462 468
 # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
463 469
 # Default: yes
... ...
@@ -339,6 +339,8 @@ const struct clam_option __clam_options[] = {
339 339
 
340 340
     { "ClamukoExcludePath", NULL, 0, TYPE_STRING, NULL, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "This option allows excluding directories from on-access scanning. It can\nbe used multiple times.", "/home/bofh\n/root" },
341 341
 
342
+    { "ClamukoExcludeUID", NULL, 0, TYPE_NUMBER, MATCH_NUMBER, -1, NULL, FLAG_MULTIPLE, OPT_CLAMD, "With this option you can whitelist specific UIDs. Processes with these UIDs\nwill be able to access all files.\nThis option can be used multiple times (one per line).", "0" },
343
+
342 344
     { "ClamukoMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned.", "5M" },
343 345
 
344 346
     /* FIXME: mark these as private and don't output into clamd.conf/man */
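Review bot: The help string added for ClamukoExcludeUID says excluded processes "will be able to access all files" but never says that those accesses are not scanned, and the example value is `0`. An administrator who copies the example turns off on-access scanning for everything running as root, so the description should say so plainly, e.g. `"Files accessed by processes running under these UIDs will not be scanned on access."`. The same wording is added in the sample clamd.conf and man page hunks and should change there too; the man page entry is also added without a preceding `.TP` line, unlike the ClamukoMaxFileSize entry that follows it. The `__clam_options` array starts and ends outside this hunk.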