summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorharald@redhat.com <harald@redhat.com>2004-10-06 00:48:10 -0700
committerGreg KH <gregkh@suse.de>2005-04-26 21:37:03 -0700
commitc8fa2d8b413f7cf1ab42d1c35865952649bfccad (patch)
tree3b15f681b17de7476d4a09f644b1abe773d08bc5
parenta551c7b0ceb72145a5256cdd53b0b52ff9f766de (diff)
[PATCH] PATCH some cleanups and security fixes
posted by Steve Grubb on https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130351
-rw-r--r--udevd.c42
1 files changed, 37 insertions, 5 deletions
diff --git a/udevd.c b/udevd.c
index 88131d63ab..2bcb4a9e1e 100644
--- a/udevd.c
+++ b/udevd.c
@@ -45,9 +45,9 @@
static int pipefds[2];
static unsigned long long expected_seqnum = 0;
-volatile static int children_waiting;
-volatile static int run_msg_q;
-volatile static int sig_flag;
+static volatile int children_waiting;
+static volatile int run_msg_q;
+static volatile int sig_flag;
static int run_exec_q;
static LIST_HEAD(msg_list);
@@ -397,7 +397,7 @@ int main(int argc, char *argv[])
int ssock, maxsockplus;
struct sockaddr_un saddr;
socklen_t addrlen;
- int retval;
+ int retval, fd;
const int on = 1;
struct sigaction act;
fd_set readfds;
@@ -409,6 +409,22 @@ int main(int argc, char *argv[])
dbg("need to be root, exit");
exit(1);
}
+ /* make sure we are at top of dir */
+ chdir("/");
+ umask( umask( 077 ) | 022 );
+ /* Set fds to dev/null */
+ fd = open( "/dev/null", O_RDWR );
+ if ( fd < 0 ) {
+ dbg("error opening /dev/null %s", strerror(errno));
+ exit(1);
+ }
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ if (fd > 2)
+ close(fd);
+ /* Get new session id so stray signals don't come our way. */
+ setsid();
/* setup signal handler pipe */
retval = pipe(pipefds);
@@ -418,7 +434,12 @@ int main(int argc, char *argv[])
}
retval = fcntl(pipefds[0], F_SETFL, O_NONBLOCK);
- if (retval < 0) {
+ if (retval < 0) {
+ dbg("error fcntl on read pipe: %s", strerror(errno));
+ exit(1);
+ }
+ retval = fcntl(pipefds[0], F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
dbg("error fcntl on read pipe: %s", strerror(errno));
exit(1);
}
@@ -428,7 +449,13 @@ int main(int argc, char *argv[])
dbg("error fcntl on write pipe: %s", strerror(errno));
exit(1);
}
+ retval = fcntl(pipefds[1], F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
+ dbg("error fcntl on write pipe: %s", strerror(errno));
+ exit(1);
+ }
+
/* set signal handlers */
act.sa_handler = sig_handler;
sigemptyset(&act.sa_mask);
@@ -456,6 +483,11 @@ int main(int argc, char *argv[])
dbg("bind failed, exit");
goto exit;
}
+ retval = fcntl(ssock, F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
+ dbg("error fcntl on ssock: %s", strerror(errno));
+ exit(1);
+ }
/* enable receiving of the sender credentials */
setsockopt(ssock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));