-do not close stdin/stdout for standard system progs

author: Christian Grothoff <christian@grothoff.org> 2012-09-28 16:53:51 +0000
committer: Christian Grothoff <christian@grothoff.org> 2012-09-28 16:53:51 +0000
commit: 16fe3b976a5c0d42817c4d8ed886efbc0759922f (patch)
tree: 7d74821b9b255243493a3ddf5b86b1348897fc60 /src/dns/gnunet-helper-dns.c
parent: 27f51b6ce1882d8e800f7188cfa00b8c76e9c224 (diff)
download: gnunet-16fe3b976a5c0d42817c4d8ed886efbc0759922f.tar.gz
gnunet-16fe3b976a5c0d42817c4d8ed886efbc0759922f.zip
1 files changed, 47 insertions, 1 deletions
diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c
index 1fb1dcfbb..c230ec544 100644
--- a/src/dns/gnunet-helper-dns.c
+++ b/src/dns/gnunet-helper-dns.c
@@ -155,6 +155,33 @@ signal_handler (int signal)
 /**
+ * Open '/dev/null' and make the result the given
+ * file descriptor.
+ *
+ * @param target_fd desired FD to point to /dev/null
+ * @param flags open flags (O_RDONLY, O_WRONLY)
+ */
+static void
+open_dev_null (int target_fd,
+               int flags)
+{
+  int fd;
+  fd = open ("/dev/null", flags);
+  if (-1 == fd)
+    abort ();
+  if (fd == target_fd)
+    return;
+  if (-1 == dup2 (fd, target_fd))
+  {    
+    (void) close (fd);
+    abort ();
+  }
+  (void) close (fd);
+}
+/**
 * Run the given command and wait for it to complete.
 * 
 * @param file name of the binary to run
@@ -183,7 +210,9 @@ fork_and_exec (const char *file,
    /* close stdin/stdout to not cause interference
       with the helper's main protocol! */
    (void) close (0); 
+    open_dev_null (0, O_RDONLY);
    (void) close (1); 
+    open_dev_null (1, O_WRONLY);
    (void) execv (file, cmd);
    /* can only get here on error */
    fprintf (stderr, 
@@ -683,6 +712,7 @@ PROCESS_BUFFER:
 *         25-39 failed to drop privs and then failed to undo some changes to routing table
 *         40 failed to regain privs
 *         41-55 failed to regain prisv and then failed to undo some changes to routing table
+ *         254 insufficient priviledges
 *         255 failed to handle kill signal properly
 */
 int
@@ -692,6 +722,7 @@ main (int argc, char *const*argv)
  char dev[IFNAMSIZ];
  char mygid[32];
  int fd_tun;
+  uid_t uid;
  if (6 != argc)
  {
@@ -699,6 +730,22 @@ main (int argc, char *const*argv)
    return 1;
  }
+  /* assert privs so we can modify the firewall rules! */
+  uid = getuid ();
+#ifdef HAVE_SETRESUID
+  if (0 != setresuid (uid, 0, 0))
+  {
+    fprintf (stderr, "Failed to setresuid to root: %s\n", strerror (errno));
+    return 254;
+  }
+#else
+  if (0 != seteuid (0)) 
+  {
+    fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno));
+    return 254;
+  }
+#endif
  /* verify that the binaries were care about are executable */
  if (0 == access ("/sbin/iptables", X_OK))
    sbin_iptables = "/sbin/iptables";
@@ -899,7 +946,6 @@ main (int argc, char *const*argv)
  /* drop privs *except* for the saved UID; this is not perfect, but better
     than doing nothing */
-  uid_t uid = getuid ();
 #ifdef HAVE_SETRESUID
  if (0 != setresuid (uid, uid, 0))
  {
author	Christian Grothoff <christian@grothoff.org>	2012-09-28 16:53:51 +0000
committer	Christian Grothoff <christian@grothoff.org>	2012-09-28 16:53:51 +0000
commit	16fe3b976a5c0d42817c4d8ed886efbc0759922f (patch)
tree	7d74821b9b255243493a3ddf5b86b1348897fc60 /src/dns/gnunet-helper-dns.c
parent	27f51b6ce1882d8e800f7188cfa00b8c76e9c224 (diff)
download	gnunet-16fe3b976a5c0d42817c4d8ed886efbc0759922f.tar.gz gnunet-16fe3b976a5c0d42817c4d8ed886efbc0759922f.zip

diff --git a/src/dns/gnunet-helper-dns.c b/src/dns/gnunet-helper-dns.c index 1fb1dcfbb..c230ec544 100644 --- a/src/dns/gnunet-helper-dns.c +++ b/src/dns/gnunet-helper-dns.c
@@ -155,6 +155,33 @@ signal_handler (int signal)
155		155
156		156
157	/**	157	/**
		158	* Open '/dev/null' and make the result the given
		159	* file descriptor.
		160	*
		161	* @param target_fd desired FD to point to /dev/null
		162	* @param flags open flags (O_RDONLY, O_WRONLY)
		163	*/
		164	static void
		165	open_dev_null (int target_fd,
		166	int flags)
		167	{
		168	int fd;
		169
		170	fd = open ("/dev/null", flags);
		171	if (-1 == fd)
		172	abort ();
		173	if (fd == target_fd)
		174	return;
		175	if (-1 == dup2 (fd, target_fd))
		176	{
		177	(void) close (fd);
		178	abort ();
		179	}
		180	(void) close (fd);
		181	}
		182
		183
		184	/**
158	* Run the given command and wait for it to complete.	185	* Run the given command and wait for it to complete.
159	*	186	*
160	* @param file name of the binary to run	187	* @param file name of the binary to run
@@ -183,7 +210,9 @@ fork_and_exec (const char *file,
183	/* close stdin/stdout to not cause interference	210	/* close stdin/stdout to not cause interference
184	with the helper's main protocol! */	211	with the helper's main protocol! */
185	(void) close (0);	212	(void) close (0);
		213	open_dev_null (0, O_RDONLY);
186	(void) close (1);	214	(void) close (1);
		215	open_dev_null (1, O_WRONLY);
187	(void) execv (file, cmd);	216	(void) execv (file, cmd);
188	/* can only get here on error */	217	/* can only get here on error */
189	fprintf (stderr,	218	fprintf (stderr,
@@ -683,6 +712,7 @@ PROCESS_BUFFER:
683	* 25-39 failed to drop privs and then failed to undo some changes to routing table	712	* 25-39 failed to drop privs and then failed to undo some changes to routing table
684	* 40 failed to regain privs	713	* 40 failed to regain privs
685	* 41-55 failed to regain prisv and then failed to undo some changes to routing table	714	* 41-55 failed to regain prisv and then failed to undo some changes to routing table
		715	* 254 insufficient priviledges
686	* 255 failed to handle kill signal properly	716	* 255 failed to handle kill signal properly
687	*/	717	*/
688	int	718	int
@@ -692,6 +722,7 @@ main (int argc, char constargv)
692	char dev[IFNAMSIZ];	722	char dev[IFNAMSIZ];
693	char mygid[32];	723	char mygid[32];
694	int fd_tun;	724	int fd_tun;
		725	uid_t uid;
695		726
696	if (6 != argc)	727	if (6 != argc)
697	{	728	{
@@ -699,6 +730,22 @@ main (int argc, char constargv)
699	return 1;	730	return 1;
700	}	731	}
701		732
		733	/* assert privs so we can modify the firewall rules! */
		734	uid = getuid ();
		735	#ifdef HAVE_SETRESUID
		736	if (0 != setresuid (uid, 0, 0))
		737	{
		738	fprintf (stderr, "Failed to setresuid to root: %s\n", strerror (errno));
		739	return 254;
		740	}
		741	#else
		742	if (0 != seteuid (0))
		743	{
		744	fprintf (stderr, "Failed to seteuid back to root: %s\n", strerror (errno));
		745	return 254;
		746	}
		747	#endif
		748
702	/* verify that the binaries were care about are executable */	749	/* verify that the binaries were care about are executable */
703	if (0 == access ("/sbin/iptables", X_OK))	750	if (0 == access ("/sbin/iptables", X_OK))
704	sbin_iptables = "/sbin/iptables";	751	sbin_iptables = "/sbin/iptables";
@@ -899,7 +946,6 @@ main (int argc, char constargv)
899		946
900	/* drop privs except for the saved UID; this is not perfect, but better	947	/* drop privs except for the saved UID; this is not perfect, but better
901	than doing nothing */	948	than doing nothing */
902	uid_t uid = getuid ();
903	#ifdef HAVE_SETRESUID	949	#ifdef HAVE_SETRESUID
904	if (0 != setresuid (uid, uid, 0))	950	if (0 != setresuid (uid, uid, 0))
905	{	951	{