From a179160d41424813a2cf07ab554180804ae14fdf Mon Sep 17 00:00:00 2001 From: Samuel Thibault Date: Sun, 2 Jan 2022 01:23:27 +0100 Subject: Fix leaking auth ports We need to be extremely careful with auth ports since leaking them into subprocesses may expose a root-auth port to non-root processes. Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec implementation from dropping it. Login is also reimplementing hurdexec but without all the cloexec logic. This commit fixes various auth leaks. --- utils/x.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'utils/x.c') diff --git a/utils/x.c b/utils/x.c index 90671fc9..1303544d 100644 --- a/utils/x.c +++ b/utils/x.c @@ -237,13 +237,15 @@ main(int argc, char *argv[]) memset (remove, 0, sizeof remove); + auth_t ourauth = getauth (); err = - auth_makeauth (getauth (), 0, MACH_MSG_TYPE_COPY_SEND, 0, + auth_makeauth (ourauth, 0, MACH_MSG_TYPE_COPY_SEND, 0, &auth.euids->ids, &auth.euids->num, &auth.auids->ids, &auth.auids->num, &auth.egids->ids, &auth.egids->num, &auth.agids->ids, &auth.agids->num, &auth); + mach_port_deallocate (mach_task_self (), ourauth); if (err) error (3, err, "Authentication failure", 0); -- cgit v1.2.3