path: root/modules/pam_unix/pam_unix_passwd.c
author Matthias Gerstner <matthias.gerstner@suse.de> 2024-01-02 12:13:19 +0100
committer Dmitry V. Levin <ldv@strace.io> 2024-01-03 10:50:38 +0000
commit c48622d95e3d441fcee6228be1952fe7ee299f6d
tree 4f4d3754fae851f9321a2ddce1826f2b1a51492d /modules/pam_unix/pam_unix_passwd.c
parent ddfc1301282fe87e245716b04437422476e8bc35
pam_namespace: close unnecessary file descriptors before exec()
Currently the `rm` subprocess and the namespace init script inherit a random set of open file descriptors from the process running PAM. Depending on the actual PAM stack configuration, these can even be security-sensitive files. In any case it is unclean to inherit unexpected open file descriptors to child processes like this. To address this, close all file descriptors except stdio before executing a new program.
Diffstat (limited to 'modules/pam_unix/pam_unix_passwd.c')
0 files changed, 0 insertions, 0 deletions
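The behaviour the commit message describes, as an added illustration that is not code from this commit or from Linux-PAM: a descriptor opened without `O_CLOEXEC` survives `fork()` and `exec()`, and closing everything above stderr in the child stops that. The names `close_fds_above_stdio` and `child_inherits_fd`, the use of `/dev/null` as a stand-in for a sensitive file, and the fixed descriptor number 9 are assumptions made for this example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Close everything above stderr so only stdio crosses exec(). */
static void close_fds_above_stdio(void)
{
#ifdef SYS_close_range
    /* Linux 5.9+: one call closes the whole range. */
    if (syscall(SYS_close_range, 3U, ~0U, 0U) == 0)
        return;
#endif
    /* Fallback loop, bounded so a huge RLIMIT_NOFILE cannot stall the child;
     * descriptors numbered above the bound would stay open. */
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536;
    for (int fd = STDERR_FILENO + 1; fd < max; fd++)
        close(fd); /* EBADF on unused slots is expected */
}

/* Returns 1 if the exec()ed program can still use the parent's fd, 0 if not, -1 on error. */
int child_inherits_fd(int sanitize)
{
    /* Constructed stand-in for a sensitive file; note: no O_CLOEXEC. */
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        if (dup2(fd, 9) < 0) /* fixed number the shell can name */
            _exit(127);
        if (sanitize)
            close_fds_above_stdio();
        /* ": >&9" fails with a non-zero status when fd 9 is closed. */
        execl("/bin/sh", "sh", "-c", ": 2>/dev/null >&9", (char *)NULL);
        _exit(127);
    }
    close(fd);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}
```

`child_inherits_fd(0)` reports that the shell could write to the inherited descriptor; `child_inherits_fd(1)` reports that it could not.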