f4293f9fbc
Adding function check_fds to new file fd.c. The function check_fds
should be called in every setuid/setgid program.
Co-developed-by: Alejandro Colomar <alx@kernel.org>
Cherry-picked-from: d2f2c1877a ("Adding checks for fd omission")
Link: <https://github.com/shadow-maint/shadow/pull/964>
Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/>
[alx: It seems we shouldn't need this, as libc does it for us. But it ]
[ shouldn't hurt either. Let's be paranoic. ]
Cc: <Guillem Jover <guillem@hadrons.org>
Cc: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu>
Cc: Iker Pedrosa <ipedrosa@redhat.com>
Cc: Christian Brauner <christian@brauner.io>
Cc: Rich Felker <dalias@libc.org>
Cc: Andreas Schwab <schwab@linux-m68k.org>
Cc: Thorsten Glaser <tg@mirbsd.de>
Cc: NRK <nrk@disroot.org>
Cc: Florian Weimer <fweimer@redhat.com>
Cc: enh <enh@google.com>
Cc: Laurent Bercot <ska-dietlibc@skarnet.org>
Cc: Gabriel Ravier <gabravier@gmail.com>
Cc: Zack Weinberg <zack@owlfolio.org>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
42 lines
779 B
C
42 lines
779 B
C
// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu>
|
|
// SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
/**
|
|
* To protect against file descriptor omission attacks, we open the std file
|
|
* descriptors with /dev/null if they are not already open. Code is based on
|
|
* fix_fds from sudo.c.
|
|
*/
|
|
|
|
#include <fcntl.h>
|
|
#include <stdlib.h>
|
|
#include <unistd.h>
|
|
|
|
#include "prototypes.h"
|
|
|
|
static void check_fd(int fd);
|
|
|
|
void
|
|
check_fds(void)
|
|
{
|
|
/**
|
|
* Make sure stdin, stdout, stderr are open
|
|
* If they are closed, set them to /dev/null
|
|
*/
|
|
check_fd(STDIN_FILENO);
|
|
check_fd(STDOUT_FILENO);
|
|
check_fd(STDERR_FILENO);
|
|
}
|
|
|
|
static void
|
|
check_fd(int fd)
|
|
{
|
|
int devnull;
|
|
|
|
if (fcntl(fd, F_GETFL, 0) != -1)
|
|
return;
|
|
|
|
devnull = open("/dev/null", O_RDWR);
|
|
if (devnull != fd)
|
|
abort();
|
|
}
|