--- udev-032/tdb/spinlock.c.rhsec 2004-09-14 07:55:34.000000000 +0200
+++ udev-032/tdb/spinlock.c 2004-09-14 15:13:58.916535504 +0200
@@ -23,7 +23,7 @@
 #define HAVE_MMAP 1
 #include "../udev.h"
-#if HAVE_CONFIG_H
+#ifdef HAVE_CONFIG_H
 #include
 #endif
--- udev-032/udevstart.c.rhsec 2004-09-14 07:55:36.000000000 +0200
+++ udev-032/udevstart.c 2004-09-14 15:13:58.919535048 +0200
@@ -211,7 +211,7 @@
 dir2 = opendir(dirname);
 if (dir2 != NULL) {
 for (dent2 = readdir(dir2); dent2 != NULL; dent2 = readdir(dir2)) {
- char dirname2[MAX_PATHLEN-1];
+ char dirname2[MAX_PATHLEN];
 DIR *dir3;
 struct dirent *dent3;
--- udev-032/namedev.c.rhsec 2004-09-14 07:55:36.000000000 +0200
+++ udev-032/namedev.c 2004-09-14 15:13:58.915535656 +0200
@@ -350,7 +350,7 @@
 { .bus = "usb-serial", .file = "detach_state" },
 { .bus = "ide", .file = "detach_state" },
 { .bus = "pci", .file = "vendor" },
- {}
+ { NULL, NULL }
 };
 #define SECONDS_TO_WAIT_FOR_FILE 10
--- udev-032/udevd.c.rhsec 2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udevd.c 2004-09-14 15:14:52.024461872 +0200
@@ -45,9 +45,9 @@
 static int pipefds[2];
 static long expected_seqnum = 0;
-volatile static int children_waiting;
-volatile static int run_msg_q;
-volatile static int sig_flag;
+static volatile int children_waiting;
+static volatile int run_msg_q;
+static volatile int sig_flag;
 static int run_exec_q;
 static LIST_HEAD(msg_list);
@@ -398,7 +398,7 @@
 int ssock, maxsockplus;
 struct sockaddr_un saddr;
 socklen_t addrlen;
- int retval;
+ int retval, fd;
 const int on = 1;
 struct sigaction act;
 fd_set readfds;
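Review bot: The new `char dirname2[MAX_PATHLEN];` in the udevstart.c hunk has no comment saying why the buffer grew by one byte, and the code that fills it is outside the hunk. If those copies are bounded by a literal `MAX_PATHLEN` rather than by `sizeof(dirname2)`, the old declaration allowed a one-byte overrun, and a later resize could bring it back. I would add `/* must stay at least as large as the bound used by the copies into dirname2 below */` above the declaration and, after checking the writers, bound them with `sizeof(dirname2)`.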
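Review bot: The terminator `{ NULL, NULL }` in the namedev.c hunk is positional while every entry above it uses designated initializers, so it depends on `bus` and `file` being the first two members in that order. Writing it as `{ .bus = NULL, .file = NULL }` keeps the table consistent and makes the sentinel explicit. The struct definition and the loop that walks the table are outside the hunk, so which field the loop tests should be confirmed there.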
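Review bot: The reordered declarations in the udevd.c hunk at line 45 keep plain `volatile int` for `children_waiting`, `run_msg_q` and `sig_flag`. If these are written from `sig_handler` (its body is not in this hunk), the type the C standard guarantees for that use is `volatile sig_atomic_t`, e.g. `static volatile sig_atomic_t sig_flag;` and likewise for the other two. Once confirmed, a comment above the group such as `/* set from sig_handler, read in the main loop */` would record why they are volatile.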
@@ -410,6 +410,22 @@ dbg("need to be root, exit"); exit(1); } + /* make sure we are at top of dir */ + chdir("/"); + umask( umask( 077 ) | 022 ); + /* Set fds to dev/null */ + fd = open( "/dev/null", O_RDWR ); + if ( fd < 0 ) { + dbg("error opening /dev/null %s", strerror(errno)); + exit(1); + } + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + if (fd > 2) + close(fd); + /* Get new session id so stray signals don't come our way. */ + setsid(); /* setup signal handler pipe */ retval = pipe(pipefds); @@ -419,7 +435,12 @@ } retval = fcntl(pipefds[0], F_SETFL, O_NONBLOCK); - if (retval < 0) { + if (retval < 0) { + dbg("error fcntl on read pipe: %s", strerror(errno)); + exit(1); + } + retval = fcntl(pipefds[0], F_SETFD, FD_CLOEXEC); + if (retval < 0) { dbg("error fcntl on read pipe: %s", strerror(errno)); exit(1); } @@ -429,7 +450,13 @@ dbg("error fcntl on write pipe: %s", strerror(errno)); exit(1); } + retval = fcntl(pipefds[1], F_SETFD, FD_CLOEXEC); + if (retval < 0) { + dbg("error fcntl on write pipe: %s", strerror(errno)); + exit(1); + } + /* set signal handlers */ act.sa_handler = sig_handler; sigemptyset(&act.sa_mask); @@ -457,15 +484,22 @@ dbg("bind failed, exit"); goto exit; } + retval = fcntl(ssock, F_SETFD, FD_CLOEXEC); + if (retval < 0) { + dbg("error fcntl on ssock: %s", strerror(errno)); + exit(1); + } /* enable receiving of the sender credentials */ setsockopt(ssock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on)); /* possible override of udev binary, used for testing */ +#ifdef DEBUG udev_bin = getenv("UDEV_BIN"); if (udev_bin != NULL) dbg("udev binary is set to '%s'", udev_bin); else +#endif udev_bin = UDEV_BIN; FD_ZERO(&readfds); --- udev-032/dev_d.c.rhsec 2004-09-14 07:55:37.000000000 +0200 +++ udev-032/dev_d.c 2004-09-14 15:13:58.914535808 +0200 
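Review bot: The daemon setup added after the root check ignores the results of `chdir("/")`, the three `dup2()` calls and `setsid()`, so udevd can keep running with an inherited working directory, inherited stdio descriptors or its old session, with nothing in the log. `setsid()` in particular fails with EPERM when the caller is a process-group leader, which is the usual case when no `fork()` precedes it (none is visible in this hunk). The nested `umask( umask( 077 ) | 022 )` also deserves a comment saying that it adds 022 to the inherited mask. The enclosing function starts and ends outside the hunk.

```c
	/* make sure we are at top of dir */
	if (chdir("/") < 0) {
		dbg("error chdir to /: %s", strerror(errno));
		exit(1);
	}
	/* … unchanged: umask() call and open() of /dev/null … */
	if (dup2(fd, 0) < 0 || dup2(fd, 1) < 0 || dup2(fd, 2) < 0) {
		dbg("error dup2 of /dev/null: %s", strerror(errno));
		exit(1);
	}
	/* … unchanged: close(fd) when fd > 2 … */
	/* Get new session id so stray signals don't come our way. */
	if (setsid() < 0)
		dbg("setsid failed: %s", strerror(errno));
```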
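Review bot: The new `F_SETFD` failure branch for `pipefds[0]` logs the same text as the `F_SETFL` branch just above it, `"error fcntl on read pipe: %s"`, so a log line cannot tell which call failed. The write-pipe hunk at -429 has the same duplication. I would make the new messages distinct, e.g. `dbg("error setting FD_CLOEXEC on read pipe: %s", strerror(errno));`. The `- if (retval < 0) {` / `+ if (retval < 0) {` pair in this hunk looks like a whitespace-only change and could be dropped from the patch.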
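Review bot: The added `fcntl(ssock, F_SETFD, FD_CLOEXEC)` failure path calls `exit(1)` while the bind failure just above it uses `goto exit;`, so whatever cleanup sits at the `exit` label (outside this hunk) is skipped for this one error; `goto exit;` would match. The `#ifdef DEBUG` … `else` / `#endif` / `udev_bin = UDEV_BIN;` layout leaves an `else` whose body lies outside the conditional block, which is easy to break in a later edit. Assigning `udev_bin = UDEV_BIN;` first and overriding it from `getenv("UDEV_BIN")` inside the `#ifdef DEBUG` block is harder to get wrong, and the comment above it should say the override is honoured in DEBUG builds only.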
@@ -78,6 +78,7 @@
 strfieldcpy(env_devname, dev->name);
 setenv("DEVPATH", devpath, 1);
 }
+ else env_devname[0] = 0;
 setenv("DEVNAME", env_devname, 1);
 dbg("DEVNAME='%s'", env_devname);
--- udev-032/udev-remove.c.rhsec 2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udev-remove.c 2004-09-14 15:13:58.918535200 +0200
@@ -105,7 +105,7 @@
 char filename[NAME_SIZE];
 char linkname[NAME_SIZE];
 char partitionname[NAME_SIZE];
- int retval;
+ int retval = 0;
 int i;
 char *pos;
 int len;
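Review bot: The added `else env_devname[0] = 0;` in the dev_d.c hunk hangs an unbraced `else` on its own line after a braced block, with the statement on the same line. That hides the purpose of the line, which is to give `setenv("DEVNAME", env_devname, 1)` a defined, empty string when the branch above is not taken. I would write it as `} else {` / `env_devname[0] = '\0';` / `}` with a comment such as `/* no device name: export an empty DEVNAME */`. The `if` that this `else` belongs to starts outside the hunk.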