author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-01-02 01:23:27 +0100 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-01-04 01:09:32 +0100 |
commit | a179160d41424813a2cf07ab554180804ae14fdf (patch) | |
tree | 1a9eaa1fc2e5f38c98f421488791614023aad0ce /utils/shd.c | |
parent | a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff) | |
Fix leaking auth ports
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
Diffstat (limited to 'utils/shd.c')
-rw-r--r-- | utils/shd.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/utils/shd.c b/utils/shd.c index e978061c..d2075075 100644 --- a/utils/shd.c +++ b/utils/shd.c @@ -231,6 +231,7 @@ main (int argc, char *argv[]) { char *linebuf = NULL; size_t linebufsize = 0; + auth_t ourauth; proc = getproc (); assert_backtrace (proc); @@ -252,8 +253,10 @@ main (int argc, char *argv[]) #endif /* Kludge to give boot a port to the auth server. */ - exec_init (getdport (0), getauth (), + ourauth = getauth (); + exec_init (getdport (0), ourauth, MACH_PORT_NULL, MACH_MSG_TYPE_COPY_SEND); + mach_port_deallocate (mach_task_self (), ourauth); if ((fcntl (0, F_GETFL) & O_READ) == 0) { |
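Review bot: the result of `mach_port_deallocate (mach_task_self (), ourauth);` in the second hunk is ignored, so if the release fails the auth send right silently stays in the task, which is the leak this commit sets out to close. Consider checking the return value, for example with the same `assert_backtrace` style the function already uses for `proc`. The existing "Kludge to give boot a port to the auth server" comment only covers the `exec_init` call; a short comment stating that `MACH_MSG_TYPE_COPY_SEND` leaves the caller's reference in place, and that this is why it is dropped right afterwards, would keep a later cleanup from removing the deallocate. Finally, `ourauth` is declared at the top of `main` and still holds the stale port name after the deallocate; scoping it to a small block around these three lines, or resetting it to `MACH_PORT_NULL`, would prevent accidental reuse further down.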