]>
Commit | Line | Data |
---|---|---|
94120488 ER |
1 | # from Fedora |
2 | # submitted to upstream (Oliver Rauch) via email, 2009-08-18 | |
3 | ||
12d07cfb AM |
4 | From 6dee7eadd1b7352ec503ea04fa1639d4a93f370b Mon Sep 17 00:00:00 2001 |
5 | From: Nils Philippsen <nils@redhat.com> | |
6 | Date: Thu, 16 Aug 2012 11:18:31 +0200 | |
7 | Subject: [PATCH] patch: close-fds | |
8 | ||
9 | Squashed commit of the following: | |
10 | ||
11 | commit 4fdedd3a8b66fb42b2d4dde62df28c78571c1c5d | |
12 | Author: Nils Philippsen <nils@redhat.com> | |
13 | Date: Fri Nov 19 12:15:58 2010 +0100 | |
14 | ||
15 | don't leak file descriptors to help browser process (#455450) | |
16 | --- | |
17 | src/xsane.c | 43 +++++++++++++++++++++++++++++++++++++++++++ | |
18 | 1 file changed, 43 insertions(+) | |
19 | ||
20 | diff --git a/src/xsane.c b/src/xsane.c | |
21 | index 775610e..1c5d61d 100644 | |
22 | --- a/src/xsane.c | |
23 | +++ b/src/xsane.c | |
24 | @@ -48,6 +48,8 @@ | |
25 | ||
26 | #include <sys/wait.h> | |
27 | ||
28 | +#include <stdarg.h> | |
29 | + | |
30 | /* ---------------------------------------------------------------------------------------------------------------------- */ | |
31 | ||
32 | struct option long_options[] = | |
33 | @@ -3684,6 +3686,41 @@ static void xsane_show_gpl(GtkWidget *widget, gpointer data) | |
34 | ||
35 | /* ---------------------------------------------------------------------------------------------------------------------- */ | |
36 | ||
37 | +static void xsane_close_fds_for_exec(signed int first_fd_to_leave_open, ...) | |
38 | +{ | |
39 | + int open_max; | |
40 | + signed int i; | |
41 | + | |
42 | + va_list ap; | |
43 | + unsigned char *close_fds; | |
44 | + | |
45 | + open_max = (int) sysconf (_SC_OPEN_MAX); | |
46 | + | |
47 | + close_fds = malloc (open_max); | |
48 | + | |
49 | + memset (close_fds, 1, open_max); | |
50 | + | |
51 | + va_start (ap, first_fd_to_leave_open); | |
52 | + | |
53 | + for (i = first_fd_to_leave_open; i >= 0; i = va_arg (ap, signed int)) { | |
54 | + if (i < open_max) | |
55 | + close_fds[i] = 0; | |
56 | + } | |
57 | + | |
58 | + va_end (ap); | |
59 | + | |
60 | + DBG(DBG_info, "closing unneeded file descriptors\n"); | |
61 | + | |
62 | + for (i = 0; i < open_max; i++) { | |
63 | + if (close_fds[i]) | |
64 | + close (i); | |
65 | + } | |
66 | + | |
67 | + free (close_fds); | |
68 | +} | |
69 | + | |
70 | +/* ---------------------------------------------------------------------------------------------------------------------- */ | |
71 | + | |
72 | static void xsane_show_doc_via_nsr(GtkWidget *widget, gpointer data) /* show via netscape remote */ | |
73 | { | |
74 | char *name = (char *) data; | |
75 | @@ -3736,6 +3773,8 @@ static void xsane_show_doc_via_nsr(GtkWidget *widget, gpointer data) /* show via | |
76 | ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); | |
77 | } | |
78 | ||
79 | + xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); | |
80 | + | |
81 | DBG(DBG_info, "trying to change user id for new subprocess:\n"); | |
82 | DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); | |
83 | setuid(getuid()); | |
84 | @@ -3778,6 +3817,8 @@ static void xsane_show_doc_via_nsr(GtkWidget *widget, gpointer data) /* show via | |
85 | ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); | |
86 | } | |
87 | ||
88 | + xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); | |
89 | + | |
90 | DBG(DBG_info, "trying to change user id for new subprocess:\n"); | |
91 | DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); | |
92 | setuid(getuid()); | |
93 | @@ -3899,6 +3940,8 @@ static void xsane_show_doc(GtkWidget *widget, gpointer data) | |
94 | ipc_file = fdopen(xsane.ipc_pipefd[1], "w"); | |
95 | } | |
96 | ||
97 | + xsane_close_fds_for_exec (1, 2, xsane.ipc_pipefd[1], -1); | |
98 | + | |
99 | DBG(DBG_info, "trying to change user id for new subprocess:\n"); | |
100 | DBG(DBG_info, "old effective uid = %d\n", (int) geteuid()); | |
101 | setuid(getuid()); | |
102 | -- | |
103 | 1.7.11.4 | |
104 |