PolicyKit: Branch 'master'
David Zeuthen
david at kemper.freedesktop.org
Thu Jul 30 07:36:27 PDT 2009
src/programs/pkexec.c | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
New commits:
commit db1001b48e5ecaf792f5b3648f5dbc7e87ff19ad
Author: David Zeuthen <davidz at redhat.com>
Date: Thu Jul 30 10:33:03 2009 -0400
Ensure all fds except stdin/stdout/stderr are closed after exec(2)
diff --git a/src/programs/pkexec.c b/src/programs/pkexec.c
index 5121d21..55a053f 100644
--- a/src/programs/pkexec.c
+++ b/src/programs/pkexec.c
@@ -28,6 +28,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
+#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <errno.h>
@@ -46,6 +47,48 @@ usage (int argc, char *argv[])
/* ---------------------------------------------------------------------------------------------------- */
+typedef gboolean (*FdCallback) (gint fd, gpointer user_data);
+
+static gboolean
+set_close_on_exec (gint fd,
+ gpointer user_data)
+{
+ gint fd_bottom;
+
+ fd_bottom = GPOINTER_TO_INT (user_data);
+
+ if (fd >= fd_bottom)
+ {
+ if (fcntl (fd, F_SETFD, FD_CLOEXEC) != 0 && errno != EBADF)
+ {
+ return FALSE;
+ }
+ }
+
+ return TRUE;
+}
+
+static gboolean
+fdwalk (FdCallback callback,
+ gpointer user_data)
+{
+ gint fd;
+ gint max_fd;
+
+ g_return_val_if_fail (callback != NULL, FALSE);
+
+ max_fd = sysconf (_SC_OPEN_MAX);
+ for (fd = 0; fd < max_fd; fd++)
+ {
+ if (!callback (fd, user_data))
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+/* ---------------------------------------------------------------------------------------------------- */
+
static gchar *
find_action_for_path (PolkitAuthority *authority,
const gchar *path)
@@ -390,6 +433,13 @@ main (int argc, char *argv[])
}
}
+ /* set close_on_exec on all file descriptors except stdin, stdout, stderr */
+ if (!fdwalk (set_close_on_exec, GINT_TO_POINTER (3)))
+ {
+ g_printerr ("Error setting close-on-exec for file desriptors\n");
+ goto out;
+ }
+
/* if not changing to uid 0, become uid 0 before changing to the user */
if (pw->pw_uid)
{
More information about the hal-commit
mailing list