Adding checks for fd omission #964
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
skyler-ferrante
force-pushed
the
master
branch
3 times, most recently
from
e740ca3 to
706f73a
Compare
Collaborator
|
On Fri, Mar 08, 2024 at 05:18:22PM -0800, Skyler Ferrante wrote:
@skyler-ferrante commented on this pull request.
> (Alternatively, you might unconditionally close devnull.)
I think this is dangerous, since devnull is guaranteed to be equal to the fd we are checking. If stdin (0) is not open and we open(/dev/null) devnull should be equal to 0. The dup2 isn't actually necessary, its just a good idea to do, since a system might not hand out new fds starting at the lowest available.
Ahh, sorry, I forgot! You're right.
> Mind that the if is there because a leak for fd 0 1 or 2 is not really a leak, since those fds we actually want them open.
It should only be a leak if the system doesn't give new fds starting at the lowest option available since we start at 0 and go to 3. But yeah, it's still probably a good idea to check.
Hmmm, I don't mind removing the check. Or maybe we should abort if it
is true, because it should never be.
…
|
alejandro-colomar
approved these changes
Mar 10, 2024
Adding function check_fds to new file fd.c. The function check_fds should be called in every setuid/setgid program. Co-developed-by: Alejandro Colomar <alx@kernel.org>
Collaborator
|
@hallyn , I'd merge this, but the master branch doesn't yet contain the 4.15.0 release tag (and thus still has the 4.14.0 version in configure.ac). Would you please fast-forward master before merging this? |
Member
It doesn't? I did push it, and used it for making the release: https://github.com/shadow-maint/shadow/releases/tag/4.15.0 What's missing? |
Member
|
Anyway +1 from me, I was about to merge when I noticed your comment. |
Collaborator
I think the branch protection might have caused your push to (partially?) fail? Now I see you've merged&pushed another branch: The tag was correctly pushed, but the branch wasn't fast-forwarded to the tag. |
alejandro-colomar
pushed a commit
that referenced
this pull request
Mar 13, 2024
Adding function check_fds to new file fd.c. The function check_fds should be called in every setuid/setgid program. Co-developed-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: d2f2c18 ("Adding checks for fd omission") Link: <#964> Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/> [alx: It seems we shouldn't need this, as libc does it for us. But it ] [ shouldn't hurt either. Let's be paranoic. ] Cc: <Guillem Jover <guillem@hadrons.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu> Cc: Iker Pedrosa <ipedrosa@redhat.com> Cc: Christian Brauner <christian@brauner.io> Cc: Rich Felker <dalias@libc.org> Cc: Andreas Schwab <schwab@linux-m68k.org> Cc: Thorsten Glaser <tg@mirbsd.de> Cc: NRK <nrk@disroot.org> Cc: Florian Weimer <fweimer@redhat.com> Cc: enh <enh@google.com> Cc: Laurent Bercot <ska-dietlibc@skarnet.org> Cc: Gabriel Ravier <gabravier@gmail.com> Cc: Zack Weinberg <zack@owlfolio.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>
Closed
alejandro-colomar
pushed a commit
that referenced
this pull request
Mar 21, 2024
Adding function check_fds to new file fd.c. The function check_fds should be called in every setuid/setgid program. Co-developed-by: Alejandro Colomar <alx@kernel.org> Cherry-picked-from: d2f2c18 ("Adding checks for fd omission") Link: <#964> Link: <https://inbox.sourceware.org/libc-alpha/ZeyujhVRsDTUNUtw@debian/T/> [alx: It seems we shouldn't need this, as libc does it for us. But it ] [ shouldn't hurt either. Let's be paranoic. ] Cc: <Guillem Jover <guillem@hadrons.org> Cc: "Serge E. Hallyn" <serge@hallyn.com> Cc: "Skyler Ferrante (RIT Student)" <sjf5462@rit.edu> Cc: Iker Pedrosa <ipedrosa@redhat.com> Cc: Christian Brauner <christian@brauner.io> Cc: Rich Felker <dalias@libc.org> Cc: Andreas Schwab <schwab@linux-m68k.org> Cc: Thorsten Glaser <tg@mirbsd.de> Cc: NRK <nrk@disroot.org> Cc: Florian Weimer <fweimer@redhat.com> Cc: enh <enh@google.com> Cc: Laurent Bercot <ska-dietlibc@skarnet.org> Cc: Gabriel Ravier <gabravier@gmail.com> Cc: Zack Weinberg <zack@owlfolio.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding function check_fds to new file fd.c. The function check_fds should be called in every setuid/setgid program. I also added sanitize_env to every setuid/setgid program.