diff options
| author | Sam Hartman <hartmans@debian.org> | 2024-12-02 09:55:34 -0700 |
|---|---|---|
| committer | Sam Hartman <hartmans@debian.org> | 2024-12-02 09:55:34 -0700 |
| commit | 4f3cfaf827bfa42a239c255092a128a3a02198bf (patch) | |
| tree | eac7f023f043739b79b2a51bd68c3006acb12964 /libpam/pam_modutil_sanitize.c | |
| parent | 6408d4b1baff9a7e58fd66e1d1c0871be0823777 (diff) | |
| parent | 7c9fb6472dcfae34ddbf4fbc9ecfafae2cf173c3 (diff) | |
| download | pam-4f3cfaf827bfa42a239c255092a128a3a02198bf.tar.gz pam-4f3cfaf827bfa42a239c255092a128a3a02198bf.tar.bz2 pam-4f3cfaf827bfa42a239c255092a128a3a02198bf.zip | |
Update upstream source from tag 'upstream/1.7.0'
Update to upstream version '1.7.0'
with Debian dir 0b3cd490884352e14273caeca2f05c6a525499fa
Diffstat (limited to 'libpam/pam_modutil_sanitize.c')
| -rw-r--r-- | libpam/pam_modutil_sanitize.c | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c index f26e8ec0..1b8af743 100644 --- a/libpam/pam_modutil_sanitize.c +++ b/libpam/pam_modutil_sanitize.c @@ -11,6 +11,10 @@ #include <syslog.h> #include <sys/resource.h> +#ifndef CLOSE_RANGE_UNSHARE +#define CLOSE_RANGE_UNSHARE (1U << 1) +#endif /* CLOSE_RANGE_UNSHARE */ + /* * Creates a pipe, closes its write end, redirects fd to its read end. * Returns fd on success, -1 otherwise. @@ -84,9 +88,8 @@ redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode, return fd; } -/* Closes all descriptors after stderr. */ static void -close_fds(void) +close_fds_iteratively(void) { /* * An arbitrary upper limit for the maximum file descriptor number @@ -111,6 +114,18 @@ close_fds(void) close(fd); } +/* Closes all descriptors after stderr. */ +static void +close_fds(void) +{ +#ifdef HAVE_CLOSE_RANGE + if (close_range(STDERR_FILENO+1, -1U, CLOSE_RANGE_UNSHARE) == 0) + return; +#endif /* HAVE_CLOSE_RANGE */ + + close_fds_iteratively(); +} + int pam_modutil_sanitize_helper_fds(pam_handle_t *pamh, enum pam_modutil_redirect_fd stdin_mode, |