diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
| commit | 3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch) | |
| tree | 7c0f5dcc658ebd75d758024a21097af95d616e05 /src/lib/rpc | |
| parent | 70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff) | |
| download | krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.zip krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.gz krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.bz2 | |
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib/rpc')
| -rw-r--r-- | src/lib/rpc/Makefile.in | 20 | ||||
| -rw-r--r-- | src/lib/rpc/get_myaddress.c | 1 | ||||
| -rw-r--r-- | src/lib/rpc/getrpcent.c | 13 | ||||
| -rw-r--r-- | src/lib/rpc/pmap_rmt.c | 2 | ||||
| -rw-r--r-- | src/lib/rpc/svc_tcp.c | 3 | ||||
| -rw-r--r-- | src/lib/rpc/svc_udp.c | 2 |
6 files changed, 29 insertions, 12 deletions
diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in index 729290a..286b65d 100644 --- a/src/lib/rpc/Makefile.in +++ b/src/lib/rpc/Makefile.in @@ -402,14 +402,16 @@ pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ pmap_prot2.c pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/pmap_rmt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h pmap_rmt.c + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + pmap_rmt.c rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ @@ -514,6 +516,7 @@ svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ svc_tcp.c svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -522,6 +525,7 @@ svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ svc_udp.c xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index 871c8fc..884a19b 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -90,6 +90,7 @@ get_myaddress(struct sockaddr_in *addr) perror("get_myaddress: socket"); exit(1); } + set_cloexec_fd(s); ifc.ifc_len = sizeof (buf); ifc.ifc_buf = buf; if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0) { diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c index a91a7a5..0654039 100644 --- a/src/lib/rpc/getrpcent.c +++ b/src/lib/rpc/getrpcent.c @@ -125,9 +125,11 @@ SETRPCENT_TYPE setrpcent(int f) if (d == 0) return; - if (d->rpcf == NULL) + if (d->rpcf == NULL) { d->rpcf = fopen(RPCDB, "r"); - else + if (d->rpcf) + set_cloexec_file(d->rpcf); + } else rewind(d->rpcf); if (d->current) free(d->current); @@ -162,9 +164,12 @@ getrpcent(void) if (d == 0) return(NULL); - if (d->rpcf == NULL && (d->rpcf = fopen(RPCDB, "r")) == NULL) + if (d->rpcf == NULL) { + if ((d->rpcf = fopen(RPCDB, "r")) == NULL) return (NULL); - if (fgets(d->line, BUFSIZ, d->rpcf) == NULL) + set_cloexec_file(d->rpcf); + } + if (fgets(d->line, BUFSIZ, d->rpcf) == NULL) return (NULL); return interpret(d->line, strlen(d->line)); } diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c index 062a5e1..71804ab 100644 --- a/src/lib/rpc/pmap_rmt.c +++ b/src/lib/rpc/pmap_rmt.c @@ -59,6 +59,7 @@ static char sccsid[] = "@(#)pmap_rmt.c 1.21 87/08/27 Copyr 1984 Sun Micro"; #include <arpa/inet.h> #define MAX_BROADCAST_SIZE 1400 #include <string.h> +#include "k5-platform.h" /* set_cloexec_fd */ static struct timeval timeout = { 3, 0 }; @@ -278,6 +279,7 @@ clnt_broadcast( stat = RPC_CANTSEND; goto done_broad; } + set_cloexec_fd(sock); #ifdef SO_BROADCAST if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &on, sizeof (on)) < 0) { diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c index d49cf36..e48d504 100644 --- a/src/lib/rpc/svc_tcp.c +++ b/src/lib/rpc/svc_tcp.c @@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro"; #include <errno.h> #include <stdlib.h> #include "autoconf.h" +#include "k5-platform.h" /* set_cloexec_fd */ /*extern bool_t abort(); extern errno; */ @@ -143,6 +144,7 @@ svctcp_create( perror("svctcp_.c - udp socket creation problem"); return ((SVCXPRT *)NULL); } + set_cloexec_fd(sock); madesock = TRUE; } memset((char *)&addr, 0, sizeof (addr)); @@ -261,6 +263,7 @@ rendezvous_request( goto again; return (FALSE); } + set_cloexec_fd(sock); if (getsockname(sock, &laddr, &llen) < 0) return (FALSE); diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index 49c555f..de1b30f 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c @@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_udp.c 1.24 87/08/11 Copyr 1984 Sun Micro"; #ifdef HAVE_SYS_UIO_H #include <sys/uio.h> #endif +#include "k5-platform.h" #define rpc_buffer(xprt) ((xprt)->xp_p1) @@ -118,6 +119,7 @@ svcudp_bufcreate( perror("svcudp_create: socket creation problem"); return ((SVCXPRT *)NULL); } + set_cloexec_fd(sock); madesock = TRUE; } memset((char *)&addr, 0, sizeof (addr)); |