From: Harald Hoyer <harald@redhat.com>
To: linux-hotplug@vger.kernel.org
Subject: PATCH some cleanups and security fixes
Date: Mon, 20 Sep 2004 13:32:06 +0000 [thread overview]
Message-ID: <414EDBD6.8030705@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 85 bytes --]
posted by Steve Grubb on https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130351
[-- Attachment #2: udev-030-rhsec.patch --]
[-- Type: text/plain, Size: 4025 bytes --]
--- udev-032/tdb/spinlock.c.rhsec 2004-09-14 07:55:34.000000000 +0200
+++ udev-032/tdb/spinlock.c 2004-09-14 15:13:58.916535504 +0200
@@ -23,7 +23,7 @@
#define HAVE_MMAP 1
#include "../udev.h"
-#if HAVE_CONFIG_H
+#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
--- udev-032/udevstart.c.rhsec 2004-09-14 07:55:36.000000000 +0200
+++ udev-032/udevstart.c 2004-09-14 15:13:58.919535048 +0200
@@ -211,7 +211,7 @@
dir2 = opendir(dirname);
if (dir2 != NULL) {
for (dent2 = readdir(dir2); dent2 != NULL; dent2 = readdir(dir2)) {
- char dirname2[MAX_PATHLEN-1];
+ char dirname2[MAX_PATHLEN];
DIR *dir3;
struct dirent *dent3;
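Review bot: Widening `dirname2` to `MAX_PATHLEN` only removes the off-by-one if the code that fills the buffer is bounded by the array itself, and that code lies outside this hunk. If the writer passes a literal `MAX_PATHLEN` as its limit, it would be safer to pass `sizeof(dirname2)` so the declaration and the bound cannot drift apart again. A one-line comment on the declaration, for example `/* must match the bound used when building the path below */`, would record why the size matters.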
--- udev-032/namedev.c.rhsec 2004-09-14 07:55:36.000000000 +0200
+++ udev-032/namedev.c 2004-09-14 15:13:58.915535656 +0200
@@ -350,7 +350,7 @@
{ .bus = "usb-serial", .file = "detach_state" },
{ .bus = "ide", .file = "detach_state" },
{ .bus = "pci", .file = "vendor" },
- {}
+ { NULL, NULL }
};
#define SECONDS_TO_WAIT_FOR_FILE 10
--- udev-032/udevd.c.rhsec 2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udevd.c 2004-09-14 15:14:52.024461872 +0200
@@ -45,9 +45,9 @@
static int pipefds[2];
static long expected_seqnum = 0;
-volatile static int children_waiting;
-volatile static int run_msg_q;
-volatile static int sig_flag;
+static volatile int children_waiting;
+static volatile int run_msg_q;
+static volatile int sig_flag;
static int run_exec_q;
static LIST_HEAD(msg_list);
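Review bot: The reordering to `static volatile int` silences the compiler warning but leaves the type as plain `int`. If these flags are written from `sig_handler` (installed later in this file), the only object type C guarantees can be safely written from a signal handler is `volatile sig_atomic_t`. I would declare them as `static volatile sig_atomic_t sig_flag;` (and likewise `children_waiting` and `run_msg_q`, if the handler touches them), with a short comment saying which ones the handler sets.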
@@ -398,7 +398,7 @@
int ssock, maxsockplus;
struct sockaddr_un saddr;
socklen_t addrlen;
- int retval;
+ int retval, fd;
const int on = 1;
struct sigaction act;
fd_set readfds;
@@ -410,6 +410,22 @@
dbg("need to be root, exit");
exit(1);
}
+ /* make sure we are at top of dir */
+ chdir("/");
+ umask( umask( 077 ) | 022 );
+ /* Set fds to dev/null */
+ fd = open( "/dev/null", O_RDWR );
+ if ( fd < 0 ) {
+ dbg("error opening /dev/null %s", strerror(errno));
+ exit(1);
+ }
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ if (fd > 2)
+ close(fd);
+ /* Get new session id so stray signals don't come our way. */
+ setsid();
/* setup signal handler pipe */
retval = pipe(pipefds);
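Review bot: The return values of `chdir("/")`, the three `dup2()` calls and `setsid()` are all ignored, so the hardening added here can fail without any trace. `setsid()` in particular returns -1 with EPERM when the caller is already a process group leader, which is the usual case for a daemon started directly rather than through a fork, so the new session may never be created. A failed `dup2()` leaves a standard descriptor in its previous state, which is what this block is meant to prevent for a root daemon. The enclosing function starts and ends outside the hunk. If `dbg()` writes to stderr, its output is discarded from this point on, which is worth confirming.

```c
	/* make sure we are at top of dir */
	if (chdir("/") < 0) {
		dbg("error chdir to /: %s", strerror(errno));
		exit(1);
	}
	/* ... unchanged: umask, open of /dev/null and its error check ... */
	if (dup2(fd, 0) < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) {
		dbg("error dup2 of /dev/null: %s", strerror(errno));
		exit(1);
	}
	/* ... unchanged: close(fd) when fd > 2 ... */
	/* setsid() fails with EPERM when we are already a process group leader */
	if (setsid() < 0)
		dbg("setsid failed: %s", strerror(errno));
```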
@@ -419,7 +435,12 @@
}
retval = fcntl(pipefds[0], F_SETFL, O_NONBLOCK);
- if (retval < 0) {
+ if (retval < 0) {
+ dbg("error fcntl on read pipe: %s", strerror(errno));
+ exit(1);
+ }
+ retval = fcntl(pipefds[0], F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
dbg("error fcntl on read pipe: %s", strerror(errno));
exit(1);
}
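Review bot: The new `F_SETFD` check reuses the message `error fcntl on read pipe`, so a log line cannot distinguish a failed `F_SETFL, O_NONBLOCK` from a failed `F_SETFD, FD_CLOEXEC`. The write-pipe hunk that follows duplicates its message in the same way. I would name the operation, for example `dbg("error fcntl F_SETFD on read pipe: %s", strerror(errno));`, and do the same for the write end. The first removed/added pair of `if (retval < 0) {` lines appears to differ only in whitespace and could be dropped from the patch.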
@@ -429,7 +450,13 @@
dbg("error fcntl on write pipe: %s", strerror(errno));
exit(1);
}
+ retval = fcntl(pipefds[1], F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
+ dbg("error fcntl on write pipe: %s", strerror(errno));
+ exit(1);
+ }
+
/* set signal handlers */
act.sa_handler = sig_handler;
sigemptyset(&act.sa_mask);
@@ -457,15 +484,22 @@
dbg("bind failed, exit");
goto exit;
}
+ retval = fcntl(ssock, F_SETFD, FD_CLOEXEC);
+ if (retval < 0) {
+ dbg("error fcntl on ssock: %s", strerror(errno));
+ exit(1);
+ }
/* enable receiving of the sender credentials */
setsockopt(ssock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
/* possible override of udev binary, used for testing */
+#ifdef DEBUG
udev_bin = getenv("UDEV_BIN");
if (udev_bin != NULL)
dbg("udev binary is set to '%s'", udev_bin);
else
+#endif
udev_bin = UDEV_BIN;
FD_ZERO(&readfds);
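Review bot: In a build with `DEBUG` defined, this daemon still takes the path of the udev binary from the `UDEV_BIN` environment variable, even though the check earlier in the function requires it to run as root. The override is therefore only as safe as the guarantee that debug builds are never installed. A comment such as `/* DEBUG builds only: never ship, the path comes from the environment */` would make that explicit. The `else` left dangling before `#endif` is also fragile. Assigning `udev_bin = UDEV_BIN;` unconditionally first and keeping only the `getenv()` override inside the `#ifdef` reads more safely. Separately, the new `fcntl(ssock, ...)` failure path calls `exit(1)` while the bind failure just above uses `goto exit`, so it skips whatever cleanup that label performs.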
--- udev-032/dev_d.c.rhsec 2004-09-14 07:55:37.000000000 +0200
+++ udev-032/dev_d.c 2004-09-14 15:13:58.914535808 +0200
@@ -78,6 +78,7 @@
strfieldcpy(env_devname, dev->name);
setenv("DEVPATH", devpath, 1);
}
+ else env_devname[0] = 0;
setenv("DEVNAME", env_devname, 1);
dbg("DEVNAME='%s'", env_devname);
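Review bot: The added `else env_devname[0] = 0;` fixes `setenv("DEVNAME", ...)` being handed an unset buffer, but nothing in the code says so and the one-line form is easy to misread. The matching `if` starts outside the hunk. I would write it as a braced `} else {` branch using `'\0'`, with a comment such as `/* no node name here: export an empty DEVNAME, not uninitialised stack contents */`. Initialising the buffer where it is declared would achieve the same thing and cover any other path that skips the copy.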
--- udev-032/udev-remove.c.rhsec 2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udev-remove.c 2004-09-14 15:13:58.918535200 +0200
@@ -105,7 +105,7 @@
char filename[NAME_SIZE];
char linkname[NAME_SIZE];
char partitionname[NAME_SIZE];
- int retval;
+ int retval = 0;
int i;
char *pos;
int len;
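Review bot: Initialising `retval` to 0 removes the uninitialised read, but it also makes success the default for any path that never assigns the variable. The function body is outside the hunk, so it is worth confirming that every failure path sets `retval` explicitly. Otherwise a failed removal would now be reported as success instead of as an indeterminate value. A comment on the declaration, for example `/* 0 = nothing to remove is not an error */`, would document that the default is intentional.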