diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-01-02 01:23:27 +0100 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2022-01-04 01:09:32 +0100 |
| commit | a179160d41424813a2cf07ab554180804ae14fdf (patch) | |
| tree | 1a9eaa1fc2e5f38c98f421488791614023aad0ce /utils/x.c | |
| parent | a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff) | |
| download | hurd-a179160d41424813a2cf07ab554180804ae14fdf.tar.gz hurd-a179160d41424813a2cf07ab554180804ae14fdf.tar.bz2 hurd-a179160d41424813a2cf07ab554180804ae14fdf.zip | |
Fix leaking auth ports
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
Diffstat (limited to 'utils/x.c')
| -rw-r--r-- | utils/x.c | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -237,13 +237,15 @@ main(int argc, char *argv[]) memset (remove, 0, sizeof remove); + auth_t ourauth = getauth (); err = - auth_makeauth (getauth (), 0, MACH_MSG_TYPE_COPY_SEND, 0, + auth_makeauth (ourauth, 0, MACH_MSG_TYPE_COPY_SEND, 0, &auth.euids->ids, &auth.euids->num, &auth.auids->ids, &auth.auids->num, &auth.egids->ids, &auth.egids->num, &auth.agids->ids, &auth.agids->num, &auth); + mach_port_deallocate (mach_task_self (), ourauth); if (err) error (3, err, "Authentication failure", 0); |