* PATCH udev close on exec
@ 2004-09-20 14:08 Harald Hoyer
  0 siblings, 0 replies; 2+ messages in thread
From: Harald Hoyer @ 2004-09-20 14:08 UTC (permalink / raw)
  To: linux-hotplug

[-- Attachment #1: Type: text/plain, Size: 59 bytes --]

SELinux wants a clean fd set, so it is better to close all open fds.

[-- Attachment #2: udev-030-cloexec.patch --]
[-- Type: text/plain, Size: 3776 bytes --]

--- udev-032/udevd.c.cloexec	2004-09-20 16:01:57.902138264 +0200
+++ udev-032/udevd.c	2004-09-20 16:01:57.910137048 +0200
@@ -478,6 +478,8 @@
 		exit(1);
 	}
 
+	set_cloexec_flag(ssock, 1);
+
 	/* the bind takes care of ensuring only one copy running */
 	retval = bind(ssock, (struct sockaddr *) &saddr, addrlen);
 	if (retval < 0) {
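Review bot: The return value of `set_cloexec_flag(ssock, 1)` is discarded, so if fcntl() fails the socket stays inheritable by every program executed later and nothing records that. Since the stated goal is a clean descriptor set for SELinux, the failure should at least be logged with the file's logging macro, e.g. `if (set_cloexec_flag(ssock, 1) < 0) dbg("set_cloexec_flag failed: %s", strerror(errno));`. The same unchecked call is added in tdb/tdb.c (on `tdb->fd`) and in udevsend.c (on `sock`). The enclosing function starts and ends outside this hunk.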
--- udev-032/namedev.c.cloexec	2004-09-20 16:01:57.901138416 +0200
+++ udev-032/namedev.c	2004-09-20 16:01:57.911136896 +0200
@@ -454,10 +454,8 @@
 	switch(pid) {
 	case 0:
 		/* child */
-		close(STDOUT_FILENO);
-
-		/* dup write side of pipe to STDOUT */
-		dup(fds[1]);
+		/* dup2 write side of pipe to STDOUT */
+		dup2(fds[1], STDOUT_FILENO);
 		if (argv[0] !=  NULL) {
 			dbg("execute '%s' with given arguments", argv[0]);
 			retval = execv(argv[0], argv);
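Review bot: After `dup2(fds[1], STDOUT_FILENO)` the child still holds the original pipe descriptors `fds[0]` and `fds[1]`, and no close is visible between the dup2 and `execv()`, so the executed program appears to inherit both, which is the leaked-descriptor case this patch is meant to remove. I would close them after the dup2, `close(fds[0]); if (fds[1] != STDOUT_FILENO) close(fds[1]);`, unless that already happens outside the hunk. The dup2 return value is also unchecked, so on failure the program runs with the parent's stdout instead of the pipe. The switch body continues outside the hunk.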
--- udev-032/tdb/tdb.c.cloexec	2004-09-14 07:55:37.000000000 +0200
+++ udev-032/tdb/tdb.c	2004-09-20 16:01:57.912136744 +0200
@@ -65,6 +65,7 @@
 #include <signal.h>
 #include "tdb.h"
 #include "spinlock.h"
+#include "../udev_lib.h"
 #else
 #include "includes.h"
 #endif
@@ -1736,6 +1737,12 @@
 		goto fail;	/* errno set by open(2) */
 	}
 
+	/* 
+	   Close file when execing another process.  
+	   Prevents SELinux access errors.
+	*/
+	set_cloexec_flag(tdb->fd, 1);
+
 	/* ensure there is only one process initialising at once */
 	if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
 		TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n",
--- udev-032/dev_d.c.cloexec	2004-09-20 16:01:57.907137504 +0200
+++ udev-032/dev_d.c	2004-09-20 16:02:44.062120880 +0200
@@ -23,9 +23,13 @@
 #include <string.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/stat.h>
 #include <unistd.h>
+#include <fcntl.h>
+
 #include "udev.h"
 #include "udev_lib.h"
+#include "udevdb.h"
 #include "logging.h"
 
 #define DEVD_DIR			"/etc/dev.d/"
@@ -34,6 +38,7 @@
 static int run_program(char *name)
 {
 	pid_t pid;
+	int fd;
 
 	dbg("running %s", name);
 
@@ -41,6 +46,14 @@
 	switch (pid) {
 	case 0:
 		/* child */
+		udevdb_exit();  /* close udevdb */
+		fd = open("/dev/null", O_RDWR);
+		if ( fd >= 0) {
+			dup2(fd, STDOUT_FILENO);
+			dup2(fd, STDIN_FILENO);
+			dup2(fd, STDERR_FILENO);
+		}
+		close(fd);
 		execv(name, main_argv);
 		dbg("exec of child failed");
 		exit(1);
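Review bot: `close(fd)` runs unconditionally, so it is called with -1 when open() fails, and if udev was started with one of the standard descriptors already closed, open() can return 0, 1 or 2 and the close then undoes one of the redirections just made. Move it into the success branch and guard it: `if (fd > STDERR_FILENO) close(fd);`. When open() fails the child also execs with whatever stdio it inherited; a `dbg()` on that path would make the condition visible. run_program's body starts and ends outside this hunk.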
--- udev-032/udev_lib.h.cloexec	2004-09-14 07:55:34.000000000 +0200
+++ udev-032/udev_lib.h	2004-09-20 16:01:57.914136440 +0200
@@ -84,6 +84,6 @@
 extern void leading_slash(char *path);
 extern void no_leading_slash(char *path);
 extern int  call_foreach_file(int fnct(char *f) , char *filename, char *extension);
-
+extern int set_cloexec_flag (int desc, int value);
 
 #endif
--- udev-032/udev_lib.c.cloexec	2004-09-14 07:55:37.000000000 +0200
+++ udev-032/udev_lib.c	2004-09-20 16:01:57.914136440 +0200
@@ -255,3 +255,22 @@
 	closedir(dir);
 	return 0;
 }
+
+/* Set the FD_CLOEXEC  flag of desc if value is nonzero,
+   or clear the flag if value is 0.
+   Return 0 on success, or -1 on error with errno  set. */ 
+	
+int set_cloexec_flag (int desc, int value)
+{
+	int oldflags = fcntl (desc, F_GETFD, 0);
+	/* If reading the flags failed, return error indication now. */
+	if (oldflags < 0)
+		return oldflags;
+	/* Set just the flag we want to set. */
+	if (value != 0)
+		oldflags |= FD_CLOEXEC;
+	else
+		oldflags &= ~FD_CLOEXEC;
+	/* Store modified flag word in the descriptor. */
+	return fcntl (desc, F_SETFD, oldflags);
+}
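Review bot: The header comment on `set_cloexec_flag` should state that FD_CLOEXEC is a property of the descriptor, not of the open file, because this patch uses dup2() alongside it and a duplicate does not carry the flag. I would add a sentence such as `The flag is per descriptor: copies made with dup()/dup2() start with it cleared.` and say that callers are expected to check the return value, which none of the call sites in this patch do. As a style point, the whitespace-only line between the comment and the definition and the trailing blanks inside the comment can be dropped.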
--- udev-032/udevsend.c.cloexec	2004-09-14 07:55:32.000000000 +0200
+++ udev-032/udevsend.c	2004-09-20 16:01:57.915136288 +0200
@@ -171,6 +171,8 @@
 		goto fallback;
 	}
 
+	set_cloexec_flag(sock, 1);
+
 	memset(&saddr, 0x00, sizeof(struct sockaddr_un));
 	saddr.sun_family = AF_LOCAL;
 	/* use abstract namespace for socket path */


* Re: PATCH udev close on exec
@ 2004-10-05 23:57 Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2004-10-05 23:57 UTC (permalink / raw)
  To: linux-hotplug

On Mon, Sep 20, 2004 at 04:08:23PM +0200, Harald Hoyer wrote:
> selinux wants a clean fd set, so better close all open fds

Applied, thanks.

greg k-h


