From mboxrd@z Thu Jan  1 00:00:00 1970
From: Harald Hoyer <harald@redhat.com>
Date: Mon, 20 Sep 2004 13:32:06 +0000
Subject: PATCH some cleanups and security fixes
Message-Id: <414EDBD6.8030705@redhat.com>
MIME-Version: 1
Content-Type: multipart/mixed; boundary="------------020805090903000905000904"
List-Id: <linux-hotplug.vger.kernel.org>
To: linux-hotplug@vger.kernel.org

This is a multi-part message in MIME format.
--------------020805090903000905000904
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

posted by Steve Grubb on https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=130351

--------------020805090903000905000904
Content-Type: text/plain;
 name="udev-030-rhsec.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="udev-030-rhsec.patch"

--- udev-032/tdb/spinlock.c.rhsec	2004-09-14 07:55:34.000000000 +0200
+++ udev-032/tdb/spinlock.c	2004-09-14 15:13:58.916535504 +0200
@@ -23,7 +23,7 @@
 #define HAVE_MMAP	1
 #include "../udev.h"
 
-#if HAVE_CONFIG_H
+#ifdef HAVE_CONFIG_H
 #include <config.h>
 #endif
 
--- udev-032/udevstart.c.rhsec	2004-09-14 07:55:36.000000000 +0200
+++ udev-032/udevstart.c	2004-09-14 15:13:58.919535048 +0200
@@ -211,7 +211,7 @@
 			dir2 = opendir(dirname);
 			if (dir2 != NULL) {
 				for (dent2 = readdir(dir2); dent2 != NULL; dent2 = readdir(dir2)) {
-					char dirname2[MAX_PATHLEN-1];
+					char dirname2[MAX_PATHLEN];
 					DIR *dir3;
 					struct dirent *dent3;
 
--- udev-032/namedev.c.rhsec	2004-09-14 07:55:36.000000000 +0200
+++ udev-032/namedev.c	2004-09-14 15:13:58.915535656 +0200
@@ -350,7 +350,7 @@
 	{ .bus = "usb-serial",	.file = "detach_state" },
 	{ .bus = "ide",		.file = "detach_state" },
 	{ .bus = "pci",		.file = "vendor" },
-	{}
+	{ NULL, NULL }
 };
 
 #define SECONDS_TO_WAIT_FOR_FILE	10
--- udev-032/udevd.c.rhsec	2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udevd.c	2004-09-14 15:14:52.024461872 +0200
@@ -45,9 +45,9 @@
 
 static int pipefds[2];
 static long expected_seqnum = 0;
-volatile static int children_waiting;
-volatile static int run_msg_q;
-volatile static int sig_flag;
+static volatile int children_waiting;
+static volatile int run_msg_q;
+static volatile int sig_flag;
 static int run_exec_q;
 
 static LIST_HEAD(msg_list);
@@ -398,7 +398,7 @@
 	int ssock, maxsockplus;
 	struct sockaddr_un saddr;
 	socklen_t addrlen;
-	int retval;
+	int retval, fd;
 	const int on = 1;
 	struct sigaction act;
 	fd_set readfds;
@@ -410,6 +410,22 @@
 		dbg("need to be root, exit");
 		exit(1);
 	}
+	/* make sure we are at top of dir */
+	chdir("/");
+	umask( umask( 077 ) | 022 );
+	/* Set fds to dev/null */
+	fd = open( "/dev/null", O_RDWR );
+	if ( fd < 0 ) {
+		dbg("error opening /dev/null %s", strerror(errno));
+		exit(1);
+	}
+	dup2(fd, 0);
+	dup2(fd, 1);
+	dup2(fd, 2);
+	if (fd > 2) 
+		close(fd);
+	/* Get new session id so stray signals don't come our way. */
+	setsid();
 
 	/* setup signal handler pipe */
 	retval = pipe(pipefds);
@@ -419,7 +435,12 @@
 	}
 
 	retval = fcntl(pipefds[0], F_SETFL, O_NONBLOCK);
-		if (retval < 0) {
+	if (retval < 0) {
+		dbg("error fcntl on read pipe: %s", strerror(errno));
+		exit(1);
+	}
+	retval = fcntl(pipefds[0], F_SETFD, FD_CLOEXEC);
+	if (retval < 0) {
 		dbg("error fcntl on read pipe: %s", strerror(errno));
 		exit(1);
 	}
@@ -429,7 +450,13 @@
 		dbg("error fcntl on write pipe: %s", strerror(errno));
 		exit(1);
 	}
+	retval = fcntl(pipefds[1], F_SETFD, FD_CLOEXEC);
+	if (retval < 0) {
+		dbg("error fcntl on write pipe: %s", strerror(errno));
+		exit(1);
+	}
 
+	
 	/* set signal handlers */
 	act.sa_handler = sig_handler;
 	sigemptyset(&act.sa_mask);
@@ -457,15 +484,22 @@
 		dbg("bind failed, exit");
 		goto exit;
 	}
+	retval = fcntl(ssock, F_SETFD, FD_CLOEXEC);
+	if (retval < 0) {
+		dbg("error fcntl on ssock: %s", strerror(errno));
+		exit(1);
+	}
 
 	/* enable receiving of the sender credentials */
 	setsockopt(ssock, SOL_SOCKET, SO_PASSCRED, &on, sizeof(on));
 
 	/* possible override of udev binary, used for testing */
+#ifdef DEBUG
 	udev_bin = getenv("UDEV_BIN");
 	if (udev_bin != NULL)
 		dbg("udev binary is set to '%s'", udev_bin);
 	else
+#endif
 		udev_bin = UDEV_BIN;
 
 	FD_ZERO(&readfds);
--- udev-032/dev_d.c.rhsec	2004-09-14 07:55:37.000000000 +0200
+++ udev-032/dev_d.c	2004-09-14 15:13:58.914535808 +0200
@@ -78,6 +78,7 @@
 		strfieldcpy(env_devname, dev->name);
 		setenv("DEVPATH", devpath, 1);
 	}
+	else env_devname[0] = 0;
 	setenv("DEVNAME", env_devname, 1);
 	dbg("DEVNAME='%s'", env_devname);
 
--- udev-032/udev-remove.c.rhsec	2004-09-14 07:55:33.000000000 +0200
+++ udev-032/udev-remove.c	2004-09-14 15:13:58.918535200 +0200
@@ -105,7 +105,7 @@
 	char filename[NAME_SIZE];
 	char linkname[NAME_SIZE];
 	char partitionname[NAME_SIZE];
-	int retval;
+	int retval = 0;
 	int i;
 	char *pos;
 	int len;

--------------020805090903000905000904--


-------------------------------------------------------
This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170
Project Admins to receive an Apple iPod Mini FREE for your judgement on
who ports your project to Linux PPC the best. Sponsored by IBM.
Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel