sudo_debug_register: add minfd argument to specify lowest fd number

Use this in sudo_intercept.so to avoid allocating a low-numbered
fd which the shell reserves for use by scripts.
This commit is contained in:
Todd C. Miller
2021-08-26 09:57:24 -06:00
parent d6a71fe32e
commit 70aef0eb2d
13 changed files with 35 additions and 16 deletions


@@ -142,7 +142,7 @@ sudo_debug_free_output(struct sudo_debug_output *output)
*/
static struct sudo_debug_output *
sudo_debug_new_output(struct sudo_debug_instance *instance,
struct sudo_debug_file *debug_file)
struct sudo_debug_file *debug_file, int minfd)
{
char *buf, *cp, *last, *subsys, *pri;
struct sudo_debug_output *output;
@@ -181,6 +181,15 @@ sudo_debug_new_output(struct sudo_debug_instance *instance,
}
ignore_result(fchown(output->fd, (uid_t)-1, 0));
}
if (output->fd < minfd) {
int newfd = fcntl(output->fd, F_DUPFD, minfd);
if (newfd == -1) {
sudo_warn_nodebug("%s", output->filename);
goto bad;
}
close(output->fd);
output->fd = newfd;
}
if (fcntl(output->fd, F_SETFD, FD_CLOEXEC) == -1) {
sudo_warn_nodebug("%s", output->filename);
goto bad;
@@ -259,8 +268,9 @@ bad:
* on error.
*/
int
sudo_debug_register_v1(const char *program, const char *const subsystems[],
unsigned int ids[], struct sudo_conf_debug_file_list *debug_files)
sudo_debug_register_v2(const char *program, const char *const subsystems[],
unsigned int ids[], struct sudo_conf_debug_file_list *debug_files,
int minfd)
{
struct sudo_debug_instance *instance = NULL;
struct sudo_debug_output *output;
@@ -346,7 +356,7 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[],
}
TAILQ_FOREACH(debug_file, debug_files, entries) {
output = sudo_debug_new_output(instance, debug_file);
output = sudo_debug_new_output(instance, debug_file, minfd);
if (output != NULL)
SLIST_INSERT_HEAD(&instance->outputs, output, entries);
}
@@ -364,6 +374,13 @@ sudo_debug_register_v1(const char *program, const char *const subsystems[],
return idx;
}
int
sudo_debug_register_v1(const char *program, const char *const subsystems[],
unsigned int ids[], struct sudo_conf_debug_file_list *debug_files)
{
return sudo_debug_register_v2(program, subsystems, ids, debug_files, -1);
}
/*
* De-register the specified instance from the debug subsystem
* and free up any associated data structures.
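Review bot: The new `fcntl(output->fd, F_DUPFD, minfd)` near the top of the sudo_debug_new_output hunk leaves a window in which the duplicated debug fd has no close-on-exec flag, because F_DUPFD does not copy FD_CLOEXEC and the flag is only set by the F_SETFD call a few lines later. The commit says the argument exists for sudo_intercept.so, which is presumably loaded into the command being run and may therefore be multithreaded, so a fork/exec from another thread in that window would hand the debug log fd to a child. Where F_DUPFD_CLOEXEC (POSIX.1-2008) is available the dup and the flag should be done atomically, keeping F_DUPFD as the fallback and leaving the later F_SETFD as a harmless safety net. A why-comment on the block, `/* Avoid low fds that the shell reserves for scripts (see sudo_intercept). */`, would also help, and the header comment above sudo_debug_register_v2 (which starts before its hunk) should document minfd and the -1 "no minimum" value passed by the v1 wrapper.
```c
	if (output->fd < minfd) {
		/* Avoid low fds that the shell reserves for scripts (see sudo_intercept). */
#ifdef F_DUPFD_CLOEXEC
		int newfd = fcntl(output->fd, F_DUPFD_CLOEXEC, minfd);
#else
		int newfd = fcntl(output->fd, F_DUPFD, minfd);
#endif
		/* … unchanged: error check, close(output->fd), output->fd = newfd … */
```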