diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2009-12-14 15:30:48 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2009-12-14 15:30:48 +0100 |
| commit | 452013e2097aa985bf8c3f8296d00d189401eea3 (patch) | |
| tree | 8e7679bd14ecf15803bae6b6ab4fd9f687ea874a | |
| parent | f1d1a096c389b076007cda87c6e7db3172ed98db (diff) | |
| download | abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.gz abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.xz abrt-452013e2097aa985bf8c3f8296d00d189401eea3.zip | |
more "obviously correct" code for secure opening of /dev/null
Old code is not broken, new one merely looks "more obviously correct".
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | lib/Plugins/CCpp.cpp | 10 | ||||
| -rw-r--r-- | lib/Plugins/Firefox.cpp | 8 | ||||
| -rw-r--r-- | src/Daemon/Daemon.cpp | 9 |
3 files changed, 7 insertions, 20 deletions
diff --git a/lib/Plugins/CCpp.cpp b/lib/Plugins/CCpp.cpp index add4e50f..22566a73 100644 --- a/lib/Plugins/CCpp.cpp +++ b/lib/Plugins/CCpp.cpp @@ -120,12 +120,7 @@ static int ExecVP(char **pArgs, uid_t uid, string& pOutput) close(pipeout[0]); /* read side of the pipe */ xmove_fd(pipeout[1], STDOUT_FILENO); /* Make sure stdin is safely open to nothing */ - close(STDIN_FILENO); - if (open("/dev/null", O_RDONLY)) - { - if (open("/", O_RDONLY)) - abort(); /* never happens */ - } + xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO); /* Not a good idea, we won't see any error messages */ /* close(STDERR_FILENO); */ @@ -395,8 +390,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir, { close(pipeout[0]); xmove_fd(pipeout[1], STDOUT_FILENO); - close(STDIN_FILENO); - xopen("/dev/null", O_RDONLY); + xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO); /* Not a good idea, we won't see any error messages */ /*close(STDERR_FILENO);*/ diff --git a/lib/Plugins/Firefox.cpp b/lib/Plugins/Firefox.cpp index 6f2c60d6..9c102041 100644 --- a/lib/Plugins/Firefox.cpp +++ b/lib/Plugins/Firefox.cpp @@ -115,10 +115,7 @@ static pid_t ExecVP(char** pArgs, uid_t uid, std::string& pOutput) close(pipeout[0]); /* read side of the pipe */ xmove_fd(pipeout[1], STDOUT_FILENO); /* Make sure stdin is safely open to nothing */ - close(STDIN_FILENO); - if (open("/dev/null", O_RDONLY)) - if (open("/", O_RDONLY)) - abort(); /* never happens */ + xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO); /* Not a good idea, we won't see any error messages */ /* close(STDERR_FILENO); */ @@ -692,8 +689,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir, std::string& build_ids) { close(pipeout[0]); xmove_fd(pipeout[1], STDOUT_FILENO); - close(STDIN_FILENO); - xopen("/dev/null", O_RDONLY); + xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO); /* Not a good idea, we won't see any error messages */ /*close(STDERR_FILENO);*/ diff --git a/src/Daemon/Daemon.cpp b/src/Daemon/Daemon.cpp index 6f98966c..153363d5 100644 --- a/src/Daemon/Daemon.cpp +++ b/src/Daemon/Daemon.cpp @@ -623,14 +623,11 @@ static void run_main_loop(GMainLoop* loop) static void start_syslog_logging() { /* Open stdin to /dev/null */ - close(STDIN_FILENO); - xopen("/dev/null", O_RDWR); + xmove_fd(xopen("/dev/null", O_RDWR), STDIN_FILENO); /* We must not leave fds 0,1,2 closed. * Otherwise fprintf(stderr) dumps messages into random fds, etc. */ - close(STDOUT_FILENO); - close(STDERR_FILENO); - xdup(0); - xdup(0); + xdup2(STDIN_FILENO, STDOUT_FILENO); + xdup2(STDIN_FILENO, STDERR_FILENO); openlog("abrtd", 0, LOG_DAEMON); logmode = LOGMODE_SYSLOG; } |