diff options
| author | Dmitry V. Levin <ldv@strace.io> | 2024-09-11 08:00:00 +0000 |
|---|---|---|
| committer | Dmitry V. Levin <ldv@strace.io> | 2024-09-13 08:00:00 +0000 |
| commit | b7a37362d332421f085ef5ab1fa24681289e7065 (patch) | |
| tree | 873dccee4727132fc84a8fef854988c6f582cce5 /modules | |
| parent | 2d6f1998dd770f5338b046ce4b105fedfadec59a (diff) | |
| download | pam-b7a37362d332421f085ef5ab1fa24681289e7065.tar.gz pam-b7a37362d332421f085ef5ab1fa24681289e7065.tar.bz2 pam-b7a37362d332421f085ef5ab1fa24681289e7065.zip | |
pam_filter: close unused file descriptors
When creating a socket pipe for communication between the parent and the
child process, each of these two processes should keep just one of these
socket pipe descriptors.
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/pam_filter/pam_filter.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/pam_filter/pam_filter.c b/modules/pam_filter/pam_filter.c index 3b0913dd..84d59303 100644 --- a/modules/pam_filter/pam_filter.c +++ b/modules/pam_filter/pam_filter.c @@ -370,7 +370,8 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, } } else { - /* nothing to do for a simple stream socket */ + /* nothing else to do for a simple stream socket */ + close(fd[0]); } @@ -405,6 +406,9 @@ set_filter (pam_handle_t *pamh, int flags UNUSED, int ctrl, return PAM_SUCCESS; } + if (!aterminal) + close(fd[1]); + /* Clear out passwords... there is a security problem here in * that this process never executes pam_end. Consequently, any * other sensitive data in this process is *not* explicitly |