lib/, src/: Add checks for fd omission
Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d2f2c1877a ("Adding checks for fd omission")
Link: <https://github.com/shadow-maint/shadow/pull/964>
Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/>
[alx: It seems we shouldn't need this, as libc does it for us. But it ]
[ shouldn't hurt either. Let's be paranoic. ]
Cc: <Guillem Jover <guillem@hadrons.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Rich Felker <dalias@libc.org>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Thorsten Glaser <tg@mirbsd.de>
Cc: NRK <nrk@disroot.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: enh <enh@google.com>
Cc: Laurent Bercot <ska-dietlibc@skarnet.org>
Cc: Gabriel Ravier <gabravier@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
committed by
Alejandro Colomar
parent
39192107a6
commit
f4293f9fbc
+3
-4
@@ -762,13 +762,12 @@ int main (int argc, char **argv)
|
||||
gid_t rgid;
|
||||
const struct passwd *pw;
|
||||
|
||||
/*
|
||||
* Get the program name so that error messages can use it.
|
||||
*/
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
|
||||
sanitize_env ();
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
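Review bot: The ordering constraint behind `check_fds ();` is not written down at the call site: it sits directly after `sanitize_env ();` and ahead of `log_set_progname(Prog);` / `log_set_logfd(stderr);`, but nothing tells a later editor that it has to stay ahead of any code that opens a descriptor or writes to a standard stream. A one-line comment above the call, for example `/* Keep early: must run before anything opens a file descriptor or writes to stdio. */`, would protect that placement. The same applies to the other main() prologues in this commit that gain the call. check_fds itself is not on this page, so how it reports failure before logging is configured (presumably by aborting) is an assumption worth stating in its own header comment; main()'s body continues outside the hunk.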
+3
-1
@@ -616,10 +616,12 @@ int main (int argc, char **argv)
|
||||
char new_gecos[BUFSIZ]; /* buffer for new GECOS fields */
|
||||
char *user;
|
||||
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
|
||||
sanitize_env ();
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
@@ -473,6 +473,7 @@ int main (int argc, char **argv)
|
||||
const struct passwd *pw; /* Password entry from /etc/passwd */
|
||||
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
|
||||
+3
-2
@@ -123,11 +123,12 @@ int main (int argc, char **argv)
|
||||
struct passwd *pwd;
|
||||
struct spwd *spwd;
|
||||
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
|
||||
sanitize_env ();
|
||||
|
||||
/*
|
||||
* Start by disabling all of the keyboard signals.
|
||||
*/
|
||||
|
||||
@@ -956,6 +956,8 @@ int main (int argc, char **argv)
|
||||
#endif
|
||||
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
@@ -390,6 +390,9 @@ int main (int argc, char **argv)
|
||||
#ifdef WITH_AUDIT
|
||||
audit_help_open ();
|
||||
#endif
|
||||
|
||||
check_fds ();
|
||||
|
||||
(void) setlocale (LC_ALL, "");
|
||||
(void) bindtextdomain (PACKAGE, LOCALEDIR);
|
||||
(void) textdomain (PACKAGE);
|
||||
|
||||
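Review bot: `check_fds ();` is placed after `audit_help_open ();` in this hunk, so when WITH_AUDIT is defined the check is no longer the first thing that touches descriptors. If audit_help_open() opens a descriptor (its name suggests so, but its body is not on this page) and the program was started with one of fds 0-2 closed, that descriptor may take the free standard slot before the check runs, and a later check can then see the slot as occupied. Moving the call above the `#ifdef WITH_AUDIT` block would match the other programs in this commit, where it comes right after `sanitize_env ();`. main()'s body continues outside the hunk.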
@@ -730,6 +730,7 @@ int main (int argc, char **argv)
|
||||
const struct spwd *sp; /* Shadow file entry for user */
|
||||
|
||||
sanitize_env ();
|
||||
check_fds ();
|
||||
|
||||
log_set_progname(Prog);
|
||||
log_set_logfd(stderr);
|
||||
|
||||