lib/, src/: Add checks for fd omission

Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.

Co-developed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d2f2c1877a ("Adding checks for fd omission")
Link: <https://github.com/shadow-maint/shadow/pull/964>
Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/>
[alx: It seems we shouldn't need this, as libc does it for us.  But it ]
[     shouldn't hurt either.  Let's be paranoic.                       ]
Cc: <Guillem Jover <guillem@hadrons.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Rich Felker <dalias@libc.org>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Thorsten Glaser <tg@mirbsd.de>
Cc: NRK <nrk@disroot.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: enh <enh@google.com>
Cc: Laurent Bercot <ska-dietlibc@skarnet.org>
Cc: Gabriel Ravier <gabravier@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
This commit is contained in:
Skyler Ferrante
2024-03-08 12:53:21 -05:00
committed by Alejandro Colomar
parent 39192107a6
commit f4293f9fbc
11 changed files with 63 additions and 7 deletions
+3 -4
View File
@@ -762,13 +762,12 @@ int main (int argc, char **argv)
gid_t rgid;
const struct passwd *pw;
/*
* Get the program name so that error messages can use it.
*/
sanitize_env ();
check_fds ();
log_set_progname(Prog);
log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+3 -1
View File
@@ -616,10 +616,12 @@ int main (int argc, char **argv)
char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */
char *user;
sanitize_env ();
check_fds ();
log_set_progname(Prog);
log_set_logfd(stderr);
sanitize_env ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+1
View File
@@ -473,6 +473,7 @@ int main (int argc, char **argv)
const struct passwd *pw; /* Password entry from /etc/passwd */
sanitize_env ();
check_fds ();
log_set_progname(Prog);
log_set_logfd(stderr);
+3 -2
View File
@@ -123,11 +123,12 @@ int main (int argc, char **argv)
struct passwd *pwd;
struct spwd *spwd;
sanitize_env ();
check_fds ();
log_set_progname(Prog);
log_set_logfd(stderr);
sanitize_env ();
/*
* Start by disabling all of the keyboard signals.
*/
+2
View File
@@ -956,6 +956,8 @@ int main (int argc, char **argv)
#endif
sanitize_env ();
check_fds ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+3
View File
@@ -390,6 +390,9 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
audit_help_open ();
#endif
check_fds ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
+1
View File
@@ -730,6 +730,7 @@ int main (int argc, char **argv)
const struct spwd *sp; /* Shadow file entry for user */
sanitize_env ();
check_fds ();
log_set_progname(Prog);
log_set_logfd(stderr);
+2
View File
@@ -999,6 +999,8 @@ int main (int argc, char **argv)
int ret;
#endif /* USE_PAM */
check_fds ();
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);