diff options
author | Alan Jenkins <alan-jenkins@tuffmail.co.uk> | 2009-04-06 10:18:41 +0100 |
---|---|---|
committer | Kay Sievers <kay.sievers@vrfy.org> | 2009-04-06 07:23:35 -0700 |
commit | 4b09a2fc4383f191d96a8d6134b95a4b84aef931 (patch) | |
tree | d1e4d4d29a4e147b296de120aa3ec5ddccd59517 /udev | |
parent | 52761bb0a99cb80ccb19c9edf23963fdad67060d (diff) |
avoid leaking netlink socket fd to external programs
The netlink socket is now used by udev event processes. We should take
care not to pass it to the programs they execute. This is the same way
the inotify fd was handled.
Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
Diffstat (limited to 'udev')
-rw-r--r-- | udev/lib/libudev-monitor.c | 3 | ||||
-rw-r--r-- | udev/lib/libudev-private.h | 1 | ||||
-rw-r--r-- | udev/lib/libudev-util.c | 12 | ||||
-rw-r--r-- | udev/udev-watch.c | 13 |
4 files changed, 19 insertions, 10 deletions
diff --git a/udev/lib/libudev-monitor.c b/udev/lib/libudev-monitor.c index d006596e07..a8b1a4e2e5 100644 --- a/udev/lib/libudev-monitor.c +++ b/udev/lib/libudev-monitor.c @@ -92,6 +92,8 @@ struct udev_monitor *udev_monitor_new_from_socket(struct udev *udev, const char free(udev_monitor); return NULL; } + util_set_fd_cloexec(udev_monitor->sock); + dbg(udev, "monitor %p created with '%s'\n", udev_monitor, socket_path); return udev_monitor; } @@ -125,6 +127,7 @@ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char free(udev_monitor); return NULL; } + util_set_fd_cloexec(udev_monitor->sock); udev_monitor->snl.nl_family = AF_NETLINK; udev_monitor->snl.nl_groups = group; diff --git a/udev/lib/libudev-private.h b/udev/lib/libudev-private.h index c7b74a4218..1e47d51080 100644 --- a/udev/lib/libudev-private.h +++ b/udev/lib/libudev-private.h @@ -172,4 +172,5 @@ extern size_t util_strlcat(char *dst, const char *src, size_t size); extern int udev_util_replace_whitespace(const char *str, char *to, size_t len); extern int udev_util_replace_chars(char *str, const char *white); extern int udev_util_encode_string(const char *str, char *str_enc, size_t len); +extern void util_set_fd_cloexec(int fd); #endif diff --git a/udev/lib/libudev-util.c b/udev/lib/libudev-util.c index 867a41d211..b628fdd44c 100644 --- a/udev/lib/libudev-util.c +++ b/udev/lib/libudev-util.c @@ -448,3 +448,15 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len) err: return -1; } + +void util_set_fd_cloexec(int fd) +{ + int flags; + + flags = fcntl(fd, F_GETFD); + if (flags < 0) + flags = FD_CLOEXEC; + else + flags |= FD_CLOEXEC; + fcntl(fd, F_SETFD, flags); +} diff --git a/udev/udev-watch.c b/udev/udev-watch.c index e2c096af0f..d333476346 100644 --- a/udev/udev-watch.c +++ b/udev/udev-watch.c @@ -41,16 +41,9 @@ int inotify_fd = -1; void udev_watch_init(struct udev *udev) { inotify_fd = inotify_init(); - if (inotify_fd >= 0) { - int flags; - - flags = fcntl(inotify_fd, F_GETFD); - if (flags < 0) - flags = FD_CLOEXEC; - else - flags |= FD_CLOEXEC; - fcntl(inotify_fd, F_SETFD, flags); - } else if (errno == ENOSYS) + if (inotify_fd >= 0) + util_set_fd_cloexec(inotify_fd); + else if (errno == ENOSYS) info(udev, "unable to use inotify, udevd will not monitor rule files changes\n"); else err(udev, "inotify_init failed: %m\n"); |