author | Tomas Mraz <tmraz@fedoraproject.org> | 2020-10-12 09:42:52 +0200 |
---|---|---|
committer | Tomáš Mráz <tmraz@redhat.com> | 2020-10-20 18:49:58 +0200 |
commit | a7b9ffd2eee74ac57b19a8cdf6710e43cd345ded (patch) | |
tree | aeb97a682bb0c40b0cedd3294802ce648e71f9e9 /libpam/pam_modutil_sanitize.c | |
parent | ad8b6feaf8ea989368676acaea905998a807986e (diff) | |
Revert "libpam/pam_modutil_sanitize.c: optimize the way to close fds"
This reverts commit 1b087edc7f05237bf5eccc405704cd82b848e761.
Diffstat (limited to 'libpam/pam_modutil_sanitize.c')
-rw-r--r-- | libpam/pam_modutil_sanitize.c | 73 |
1 files changed, 14 insertions, 59 deletions
diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c
index 58b9537c..7579c5bd 100644
--- a/libpam/pam_modutil_sanitize.c
+++ b/libpam/pam_modutil_sanitize.c
@@ -10,13 +10,6 @@
 #include <fcntl.h>
 #include <syslog.h>
 #include <sys/resource.h>
-#include <dirent.h>
-#ifdef HAVE_SYS_VFS_H
-#include <sys/vfs.h>
-#endif
-#ifdef HAVE_LINUX_MAGIC_H
-#include <linux/magic.h>
-#endif
 
 /*
 * Creates a pipe, closes its write end, redirects fd to its read end.
@@ -91,69 +84,31 @@ redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode,
 return fd;
 }
 
-/* Check if path is in a procfs. */
-static int
-is_in_procfs(int fd)
-{
-#if defined HAVE_SYS_VFS_H && defined PROC_SUPER_MAGIC
- struct statfs stfs;
-
- if (fstatfs(fd, &stfs) == 0) {
- if (stfs.f_type == PROC_SUPER_MAGIC)
- return 1;
- } else {
- return 0;
- }
-#endif /* HAVE_SYS_VFS_H && PROC_SUPER_MAGIC */
-
- return -1;
-}
-
 /* Closes all descriptors after stderr. */
 static void
 close_fds(void)
 {
- DIR *dir = NULL;
- struct dirent *dent;
- int dfd = -1;
- int fd;
- struct rlimit rlim;
-
 /*
 * An arbitrary upper limit for the maximum file descriptor number
 * returned by RLIMIT_NOFILE.
 */
- const unsigned int MAX_FD_NO = 65535;
+ const int MAX_FD_NO = 65535;
 
 /* The lower limit is the same as for _POSIX_OPEN_MAX. */
- const unsigned int MIN_FD_NO = 20;
-
- /* If /proc is mounted, we can optimize which fd can be closed. */
- if ((dir = opendir("/proc/self/fd")) != NULL) {
- if ((dfd = dirfd(dir)) >= 0 && is_in_procfs(dfd) > 0) {
- while ((dent = readdir(dir)) != NULL) {
- fd = atoi(dent->d_name);
- if (fd > STDERR_FILENO && fd != dfd)
- close(fd);
- }
- } else {
- dfd = -1;
- }
- closedir(dir);
- }
+ const int MIN_FD_NO = 20;
 
- /* If /proc isn't available, fallback to the previous behavior. */
- if (dfd < 0) {
- if (getrlimit(RLIMIT_NOFILE, &rlim) || rlim.rlim_max > MAX_FD_NO)
- fd = MAX_FD_NO;
- else if (rlim.rlim_max < MIN_FD_NO)
- fd = MIN_FD_NO;
- else
- fd = rlim.rlim_max - 1;
-
- for (; fd > STDERR_FILENO; --fd)
- close(fd);
- }
+ int fd;
+ struct rlimit rlim;
+
+ if (getrlimit(RLIMIT_NOFILE, &rlim) || rlim.rlim_max > MAX_FD_NO)
+ fd = MAX_FD_NO;
+ else if (rlim.rlim_max < MIN_FD_NO)
+ fd = MIN_FD_NO;
+ else
+ fd = rlim.rlim_max - 1;
+
+ for (; fd > STDERR_FILENO; --fd)
+ close(fd);
 }
 
 int |
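Review bot: The restored loop in `close_fds()` starts at `MAX_FD_NO` (65535) whenever `rlim.rlim_max` is larger or `getrlimit()` fails, so any descriptor numbered above 65535 is left open, a case the removed `/proc/self/fd` walk did cover. The function's header comment still reads "Closes all descriptors after stderr", which does not hold on a system with a high hard RLIMIT_NOFILE. At minimum the comment on the cap should state the limitation, e.g. `/* Descriptors numbered above MAX_FD_NO are NOT closed by this loop. */`. If callers rely on this function to keep inherited descriptors out of a child process (not visible in this hunk), trying `close_range(STDERR_FILENO + 1, ~0U, 0)` before the loop, behind a configure check, would close that gap without reading /proc.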