author | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
---|---|---|
committer | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
commit | 3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch) | |
tree | 7c0f5dcc658ebd75d758024a21097af95d616e05 /src/lib/krb5 | |
parent | 70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff) | |
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/krb5')
-rw-r--r-- | src/lib/krb5/ccache/cc_file.c | 3 | ||||
-rw-r--r-- | src/lib/krb5/keytab/kt_file.c | 1 | ||||
-rw-r--r-- | src/lib/krb5/keytab/kt_srvtab.c | 3 | ||||
-rw-r--r-- | src/lib/krb5/os/kuserok.c | 3 | ||||
-rw-r--r-- | src/lib/krb5/os/localaddr.c | 7 | ||||
-rw-r--r-- | src/lib/krb5/os/prompter.c | 1 | ||||
-rw-r--r-- | src/lib/krb5/os/sendto_kdc.c | 1 | ||||
-rw-r--r-- | src/lib/krb5/rcache/rc_io.c | 3 |
8 files changed, 19 insertions, 3 deletions
diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c
index 9abf93f..6206149 100644
--- a/src/lib/krb5/ccache/cc_file.c
+++ b/src/lib/krb5/ccache/cc_file.c
@@ -1252,6 +1252,7 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode)
 return krb5_fcc_interpret (context, errno); } }
+ set_cloexec_fd(f);
 data->mode = mode;
@@ -1560,6 +1561,7 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id)
 kret = krb5_fcc_interpret(context, errno); goto cleanup; }
+ set_cloexec_fd(ret);
 data->file = ret; } else
@@ -1980,6 +1982,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id)
 k5_mutex_unlock(&krb5int_cc_file_mutex); return krb5_fcc_interpret(context, errno); }
+ set_cloexec_fd(ret);
 /* Allocate memory */ data = (krb5_pointer) malloc(sizeof(krb5_fcc_data));
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
index e6e04e3..1baa800 100644
--- a/src/lib/krb5/keytab/kt_file.c
+++ b/src/lib/krb5/keytab/kt_file.c
@@ -1156,6 +1156,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
 } } }
+ set_cloexec_file(KTFILEP(id));
 if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) { (void) fclose(KTFILEP(id)); KTFILEP(id) = 0;
diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c
index 5a80f32..e3dd009 100644
--- a/src/lib/krb5/keytab/kt_srvtab.c
+++ b/src/lib/krb5/keytab/kt_srvtab.c
@@ -1,7 +1,7 @@
 /* * lib/krb5/keytab/srvtab/kts_resolv.c *
- * Copyright 1990,1991,2002 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2002,2007 by the Massachusetts Institute of Technology.
 * All Rights Reserved. * * Export of this software from the United States of America may
@@ -411,6 +411,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id)
 KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE); if (!KTFILEP(id)) return errno;
+ set_cloexec_file(KTFILEP(id));
 return 0; }
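Review bot: In krb5_fcc_open_file (first cc_file.c hunk), `set_cloexec_fd(f)` sets the flag in a separate call after the descriptor exists. Where the platform defines `O_CLOEXEC`, adding it to the flags of the open call would set the flag at creation time, with `set_cloexec_fd` kept as the fallback. The open call and the rest of the function body are outside the hunk. The other call sites in this diff have equivalents: `SOCK_CLOEXEC` or-ed into the socket type for the localaddr.c sockets (and presumably the sendto_kdc.c one, whose socket call is not shown), and `fcntl(fd, F_DUPFD_CLOEXEC, 0)` in place of `dup()` in prompter.c and rc_io.c. The definition of `set_cloexec_fd` is not part of this diff, so how it behaves on platforms without these flags cannot be confirmed from here.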
diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c
index 1505c82..719faae 100644
--- a/src/lib/krb5/os/kuserok.c
+++ b/src/lib/krb5/os/kuserok.c
@@ -1,7 +1,7 @@
 /* * lib/krb5/os/kuserok.c *
- * Copyright 1990,1993 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1993,2007 by the Massachusetts Institute of Technology.
 * All Rights Reserved. * * Export of this software from the United States of America may
@@ -110,6 +110,7 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser)
 free(princname); return(FALSE); }
+ set_cloexec_file(fp);
 /* * For security reasons, the .k5login file must be owned either by * the user himself, or by root. Otherwise, don't grant access.
diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c
index 75953b1..e139ca4 100644
--- a/src/lib/krb5/os/localaddr.c
+++ b/src/lib/krb5/os/localaddr.c
@@ -1,7 +1,7 @@
 /* * lib/krb5/os/localaddr.c *
- * Copyright 1990,1991,2000,2001,2002,2004 by the Massachusetts Institute of Technology.
+ * Copyright 1990,1991,2000,2001,2002,2004,2007 by the Massachusetts Institute of Technology.
 * All Rights Reserved. * * Export of this software from the United States of America may
@@ -363,6 +363,7 @@ get_linux_ipv6_addrs ()
 int i; unsigned int addrbyte[16];
+ set_cloexec_file(f);
 while (fscanf(f, "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x" " %2x %2x %2x %2x %20s\n",
@@ -543,6 +544,7 @@ foreach_localaddr (/*@null@*/ void *data,
 Tperror ("socket"); continue; }
+ set_cloexec_fd(P.sock);
 P.lifnum.lifn_family = P.af; P.lifnum.lifn_flags = 0;
@@ -718,6 +720,7 @@ foreach_localaddr (/*@null@*/ void *data,
 Tperror ("socket"); continue; }
+ set_cloexec_fd(P.sock);
 code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num); if (code) {
@@ -939,6 +942,7 @@ foreach_localaddr (/*@null@*/ void *data,
 s = socket (USE_AF, USE_TYPE, USE_PROTO); if (s < 0) return SOCKET_ERRNO;
+ set_cloexec_fd(s);
 retval = get_ifreq_array(&buf, &n, s); if (retval) {
@@ -1450,6 +1454,7 @@ static struct hostent *local_addr_fallback_kludge()
 sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock == INVALID_SOCKET) return NULL;
+ set_cloexec_fd(sock);
 /* connect to arbitrary port and address (NOT loopback) */ addr.sin_family = AF_INET;
diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c
index 739c8c7..36803ec 100644
--- a/src/lib/krb5/os/prompter.c
+++ b/src/lib/krb5/os/prompter.c
@@ -60,6 +60,7 @@ krb5_prompter_posix(
 fd = dup(STDIN_FILENO); if (fd < 0) return KRB5_LIBOS_CANTREADPWD;
+ set_cloexec_fd(fd);
 fp = fdopen(fd, "r"); if (fp == NULL) goto cleanup;
diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 9992747..050aec5 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -677,6 +677,7 @@ start_connection (struct conn_state *state,
 dprint("socket: fd %d too high\n", fd); return -1; }
+ set_cloexec_fd(fd);
 /* Make it non-blocking. */ if (ai->ai_socktype == SOCK_STREAM) { static const int one = 1;
diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c
index 3235728..b76a8dd 100644
--- a/src/lib/krb5/rcache/rc_io.c
+++ b/src/lib/krb5/rcache/rc_io.c
@@ -143,6 +143,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn)
 goto cleanup; } }
+ set_cloexec_fd(d->fd);
 retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno, sizeof(rc_vno)); if (retval)
@@ -239,6 +240,7 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn,
 goto cleanup; } }
+ set_cloexec_fd(d->fd);
 do_not_unlink = 0; retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno,
@@ -341,6 +343,7 @@ krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1,
 (void) krb5_rc_io_close(context, new1); new1->fn = fn; new1->fd = dup(old->fd);
+ set_cloexec_fd(new1->fd);
 return 0; #endif } |
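Review bot: In krb5_rc_io_move (last rc_io.c hunk), `set_cloexec_fd(new1->fd)` is applied to the result of `dup(old->fd)` without checking it, and the function then returns 0. If dup() fails, new1->fd is -1, the flag call has no descriptor to act on, and the caller is told the move succeeded while the replay cache handle is unusable. The dup() line is pre-existing context, but the check belongs right before the new call, e.g. `if (new1->fd == -1) return errno;`, or whichever error code this file maps I/O failures to. The prompter.c hunk shows the pattern done correctly: `if (fd < 0)` precedes `set_cloexec_fd(fd)`. The start of the function body is outside the hunk.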