File Manager

Hackfut Security File Manager

Current Path: /usr/lib/python2.6/site-packages

📁 ..
📁 Babel-0.9.4-py2.6.egg-info
📄 Markdown-2.0.1-py2.6.egg-info(1.31 KB)
📁 Pygments-1.1.1-py2.6.egg-info
📁 argparse-1.2.1-py2.6.egg-info
📄 argparse.py(85.73 KB)
📄 argparse.pyc(65.1 KB)
📄 argparse.pyo(64.93 KB)
📁 babel
📁 backports
📁 backports.ssl_match_hostname-3.4.0.2-py2.6.egg-info
📁 boto
📁 boto-2.34.0-py2.6.egg-info
📁 chardet
📁 chardet-2.2.1-py2.6.egg-info
📁 clcommon
📄 clsudo.py(12.65 KB)
📄 clsudo.pyc(11.13 KB)
📄 clsudo.pyo(11.13 KB)
📄 configobj-4.6.0-py2.6.egg-info(312 B)
📄 configobj.py(84.42 KB)
📄 configobj.pyc(64.86 KB)
📄 configobj.pyo(64.86 KB)
📁 dbus
📄 dbus_bindings.py(33 B)
📄 dbus_bindings.pyc(185 B)
📄 dbus_bindings.pyo(185 B)
📁 distribute-0.6.10-py2.6.egg-info
📄 easy_install.py(126 B)
📄 easy_install.pyc(317 B)
📄 easy_install.pyo(317 B)
📄 hwdata.py(5.89 KB)
📄 hwdata.pyc(4.44 KB)
📄 hwdata.pyo(4.44 KB)
📁 iniparse
📄 iniparse-0.3.1-py2.6.egg-info(1.06 KB)
📁 jsonpatch-1.2-py2.6.egg-info
📄 jsonpatch.py(15.57 KB)
📄 jsonpatch.pyc(17.07 KB)
📄 jsonpatch.pyo(16.87 KB)
📄 jsonpointer-1.0-py2.6.egg-info(302 B)
📄 jsonpointer.py(6.46 KB)
📄 jsonpointer.pyc(6.22 KB)
📄 jsonpointer.pyo(6.22 KB)
📄 libproxy.py(4.23 KB)
📄 libproxy.pyc(3.9 KB)
📄 libproxy.pyo(3.9 KB)
📁 markdown
📁 oauth
📁 oauth-1.0.1-py2.6.egg-info
📄 pciutils-1.7.3-py2.6.egg-info(267 B)
📁 pip
📁 pip-7.1.0-py2.6.egg-info
📄 pkg_resources.py(86.13 KB)
📄 pkg_resources.pyc(90.7 KB)
📄 pkg_resources.pyo(90.7 KB)
📁 prettytable-0.7.2-py2.6.egg-info
📄 prettytable.py(52.93 KB)
📄 prettytable.pyc(51.03 KB)
📄 prettytable.pyo(50.06 KB)
📁 pygments
📁 pyzor
📁 pyzor-1.0.0-py2.6.egg-info
📁 requests
📄 requests-2.6.0-py2.6.egg-info(39.41 KB)
📁 rhn
📄 rhnlib-2.5.22-py2.6.egg-info(339 B)
📁 rpmUtils
📄 secureio.py(9.01 KB)
📄 secureio.pyc(4.61 KB)
📄 secureio.pyo(4.61 KB)
📁 setools
📁 setuptools
📄 setuptools-0.6c11-py2.6.egg-info(144 B)
📄 setuptools.pth(34 B)
📄 site.py(2.31 KB)
📄 site.pyc(1.73 KB)
📄 site.pyo(1.73 KB)
📄 six-1.9.0-py2.6.egg-info(1.39 KB)
📄 six.py(28.97 KB)
📄 six.pyc(29.18 KB)
📄 six.pyo(29.18 KB)
📁 sos
📁 supervisor
📄 supervisor-2.1-py2.6.egg-info(797 B)
📁 urlgrabber
📄 urlgrabber-3.9.1-py2.6.egg-info(2.23 KB)
📁 urllib3
📁 urllib3-1.10.2-py2.6.egg-info
📄 validate.py(45.67 KB)
📄 validate.pyc(46.27 KB)
📄 validate.pyo(46.27 KB)
📁 yum
📁 yumutils

Editing: secureio.py

#!/usr/bin/python
#
#Copyright (c) 2010 Cloud Linux LTD
#All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions
#are met:
#  * Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
#  * Redistributions in binary form must reproduce the above
#    copyright notice, this list of conditions and the following
#    disclaimer in the documentation and/or other materials provided
#    with the distribution.
#  * The names of its contributors may not be used to endorse or
#    promote products derived from this software without specific
#    prior written permission.
#
#THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
#"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
#LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
#FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
#COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
#INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
#BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
#LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
#CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
#LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
#ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
#POSSIBILITY OF SUCH DAMAGE.
#

# This module provides functions for secure I/O and filesystem operations

import os
from ctypes import *

libc = cdll.LoadLibrary("libc.so.6")
liblve = cdll.LoadLibrary("liblve.so.0")

# --- libc functions -----------------------------------------------

ino_t = c_long
off_t = c_long

class DIRENTRY(Structure):
	_fields_ = [
		('d_ino', ino_t),                 # inode number
		('d_off', off_t),                 # offset to the next dirent
		('d_reclen', c_ushort),           # length of this record
		('d_type', c_ubyte),              # type of file; not supported by all file system types
		('d_name', c_char * 256),         # filename
	]

DIRENTRY_P = POINTER(DIRENTRY)

fchown = libc.fchown
fchown.argtypes = [c_int, c_int, c_int]
fchown.restype = c_int

fchmod = libc.fchmod
fchmod.argtypes = [c_int, c_int]
fchmod.restype = c_int

fdopendir = libc.fdopendir
# accepts file/dir descriptor (integer)
fdopendir.argtypes = [c_int]
# returns pointer to DIR structure
fdopendir.restype = c_void_p

readdir = libc.readdir
# accepts pointer to DIR structure
readdir.argtypes = [c_void_p]
# returns pointer to DIRENTRY structure
readdir.restype = DIRENTRY_P

rewinddir = libc.rewinddir
# accepts pointer to DIR structure
rewinddir.argtypes = [c_void_p]
# returns void
rewinddir.restype = None

closedir = libc.closedir
# accepts pointer to DIR structure
closedir.argtypes = [c_void_p]
closedir.restype = c_int

# --- liblve functions -----------------------------------------------

# Opens path for reading not following symlinks and verifies that opened path is inside parent_path
# Returns:
# descriptor if successful
# -1 if path does not exist or is a symlink
# -2 if opened path is NOT inside parent_path or cannot be determined
# accepts path, parent_path
open_not_symlink = liblve.open_not_symlink
open_not_symlink.argtypes = [c_char_p, c_char_p]
open_not_symlink.restype = c_int

# Closes descriptor (if it is not equal -1)
# accepts file/dir descriptor (integer)
liblve.closefd.argtypes = [c_int]
# returns void
liblve.closefd.restype = None

# Tries to read first directory entry in order to ensure that descriptor is valid
# Returns 0 if reading succeeded or -1 if error has occured
check_dir = liblve.check_dir
# accepts descriptor
check_dir.argtypes = [c_int]
check_dir.restype = c_int

# Checks if path is a directory (in secure manner)
# Also opens path (if descriptor fd == -1) and then checks that opened path is inside parent_path
# Returns descriptor if path refers to directory
# Returns -1 if path does not exist or is not a directory
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
isdir = liblve.isdir
# accepts path, descriptor, parent_path
isdir.argtypes = [c_char_p, c_int, c_char_p]
isdir.restype = c_int

# Sets permissions to directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, mode_t perm, int fd, const char *parent_path
liblve.set_perm_dir_secure.argtypes = [c_char_p, c_int, c_int, c_char_p]
liblve.set_perm_dir_secure.restype = c_int

# Sets owner and group of directory (in secure manner)
# Returns descriptor if successful
# Returns -1 if error has occured
# Returns -2 if opened path is NOT inside parent_path or cannot be determined
# accepts: const char *path, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.set_owner_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.set_owner_dir_secure.restype = c_int

# Creates directory if it does not exist, sets permissions/owner otherwise
# Returns descriptor if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, int fd, const char *parent_path
liblve.create_dir_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_int, c_char_p]
liblve.create_dir_secure.restype = c_int

# Recursive directory creation function
# Returns 0 if successful
# Returns -1 if error has occured
# accepts: const char *path, mode_t perm, uid_t uid, gid_t gid, const char *parent_path
liblve.makedirs_secure.argtypes = [c_char_p, c_int, c_int, c_int, c_char_p]
liblve.makedirs_secure.restype = c_int

# Writes absolute path pointed by descriptor fd to buffer *buf
# Returns buf if successful
# Returns NULL if error has occured
get_path_from_descriptor = liblve.get_path_from_descriptor
get_path_from_descriptor.argtypes = [c_int, c_char_p]
get_path_from_descriptor.restype = c_char_p

# Returns 1 if subdir is subdirectory of dir, 0 otherwise
is_subdir = liblve.is_subdir
is_subdir.argtypes = [c_char_p, c_char_p]
is_subdir.restype = c_int

# Returns list of entries of directory pointed by descriptor
def flistdir(fd):
	# Duplicate descriptor, because closedir() closes descriptor associated with directory stream
	fd2 = os.dup(fd)

# Open directory stream
	dirp = fdopendir(fd2)
	if not dirp:
		raise Exception("fdopendir error")

# Reset position of directory stream
	# (so it will be possible to read content of directory multiple times
	# via other descriptors that refer to the directory)
	rewinddir(dirp)

dirlist = []
	while True:
		entryp = readdir(dirp)
		if not entryp:
			break
		entry = entryp.contents
		dirlist.append(entry.d_name)

rewinddir(dirp)
	closedir(dirp)
	return dirlist

def closefd(fd):
	if fd is not None:
		try:
			os.close(fd)
		except OSError:
			pass

# Sets permissions to directory (in secure manner)
# Returns descriptor if successful
# Returns None if error has occured
def set_perm_dir_secure(path, perm, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.set_perm_dir_secure(path, perm, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to set permissions of directory ' + path, False, True)
	return None

# Sets owner and group of directory (in secure manner)
# Returns descriptor if successful
# Returns None if error has occured
def set_owner_dir_secure(path, uid, gid, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.set_owner_dir_secure(path, uid, gid, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to set owner of directory ' + path, False, True)
	return None

# Creates directory if it does not exist, sets permissions/owner otherwise
# Returns descriptor if successful
# Returns None if error has occured
def create_dir_secure(path, perm, uid, gid, parent_path, fd = None, logger = None):
	if fd == None:
		fd = -1
	fd = liblve.create_dir_secure(path, perm, uid, gid, fd, parent_path)
	if fd > 0:
		return fd
	if logger is not None:
		logger('Error: failed to create directory ' + path, False, True)
	return None

# Recursive directory creation function
# Returns 0 if successful
# Returns -1 if error has occured
def makedirs_secure(path, perm, uid, gid, parent_path, logger = None):
	res = liblve.makedirs_secure(path, perm, uid, gid, parent_path)
	if res and logger:
		logger('Error: failed to create directory ' + path, False, True)
	return res

def set_capability(clear=False):
	"""
	Set CAP_SYS_RESOURCE capability

:param bool clear: Set on if it's true, set off otherwise
	:return: 0 for success, -1 otherwise
	:rtype: int
	"""
	if clear:
		return liblve.disable_quota_capability()
	else:
		return liblve.enable_quota_capability()

def change_uid(uid):
	"""
	Change effective uid of current process and set CAP_SYS_RESOURCE capbality
	to prevent "Disk quota exceeded" error

:param int euid: User ID to set it as current effective UID
	:return: 0 if capability was set successfuly, -1 otherwise
	:rtype: int
	"""
	os.setuid(uid)
	return set_capability()

Hackfut Security File Manager

Editing: secureio.py

Upload File

Create Folder