| author | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
| commit | 3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch) | |
| tree | 7c0f5dcc658ebd75d758024a21097af95d616e05 /src/lib | |
| parent | 70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff) | |
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/lib')
32 files changed, 122 insertions, 40 deletions
diff --git a/src/lib/crypto/prng.c b/src/lib/crypto/prng.c index e1e34a2c3..8de199885 100644 --- a/src/lib/crypto/prng.c +++ b/src/lib/crypto/prng.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2001, 2002, 2004 by the Massachusetts Institute of Technology. + * Copyright (C) 2001, 2002, 2004, 2007 by the Massachusetts Institute of Technology. * All rights reserved. * * @@ -166,11 +166,10 @@ read_entropy_from_device (krb5_context context, const char *device) fd = open (device, O_RDONLY); if (fd == -1) return 0; - if (fstat (fd, &sb) == -1) - return 0; - if (S_ISREG(sb.st_mode)) { - close(fd); - return 0; + set_cloexec_fd(fd); + if (fstat (fd, &sb) == -1 || S_ISREG(sb.st_mode)) { + close(fd); + return 0; } for (bp = &buf, left = sizeof (buf); left > 0;) { diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c index dabb399c1..b9db64094 100644 --- a/src/lib/kadm5/logger.c +++ b/src/lib/kadm5/logger.c @@ -423,6 +423,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do if (cp[4] == ':' || cp[4] == '=') { f = fopen(&cp[5], (cp[4] == ':') ? "a+" : "w"); if (f) { + set_cloexec_file(f); log_control.log_entries[i].lfu_filep = f; log_control.log_entries[i].log_type = K_LOG_FILE; log_control.log_entries[i].lfu_fname = &cp[5]; @@ -605,6 +606,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do log_control.log_entries[i].ldu_filep = CONSOLE_OPEN("a+"); if (log_control.log_entries[i].ldu_filep) { + set_cloexec_file(log_control.log_entries[i].ldu_filep); log_control.log_entries[i].log_type = K_LOG_CONSOLE; log_control.log_entries[i].ldu_devname = "console"; } 
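Review bot: In read_entropy_from_device the result of `set_cloexec_fd(fd)` is discarded, and the same holds for every other call this patch adds, so if the flag cannot be set the descriptor stays inheritable and nothing records it. The helper's definition is not in this diff, so whether it can report failure is an assumption to confirm. If it can, the call sites that hold key material (the stash file in kdb_default.c, cc_file.c, kt_file.c) deserve a check. Otherwise a short comment where the helper is defined, such as `/* best effort: on failure the descriptor remains inheritable */`, would document the intent.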
@@ -620,6 +622,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do log_control.log_entries[i].ldu_filep = DEVICE_OPEN(&cp[7], "w"); if (log_control.log_entries[i].ldu_filep) { + set_cloexec_file(log_control.log_entries[i].ldu_filep); log_control.log_entries[i].log_type = K_LOG_DEVICE; log_control.log_entries[i].ldu_devname = &cp[7]; } @@ -956,6 +959,7 @@ krb5_klog_reopen(krb5_context kcontext) */ f = fopen(log_control.log_entries[lindex].lfu_fname, "a+"); if (f) { + set_cloexec_file(f); log_control.log_entries[lindex].lfu_filep = f; } else { fprintf(stderr, "Couldn't open log file %s: %s\n", diff --git a/src/lib/kadm5/srv/server_acl.c b/src/lib/kadm5/srv/server_acl.c index 6d8d6d7f6..bcfe35f84 100644 --- a/src/lib/kadm5/srv/server_acl.c +++ b/src/lib/kadm5/srv/server_acl.c @@ -1,7 +1,7 @@ /* * lib/kadm5/srv/server_acl.c * - * Copyright 1995-2004 by the Massachusetts Institute of Technology. + * Copyright 1995-2004, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -484,6 +484,7 @@ kadm5int_acl_load_acl_file() /* Open the ACL file for read */ afp = fopen(acl_acl_file, "r"); if (afp) { + set_cloexec_file(afp); alineno = 1; aentpp = &acl_list_head; diff --git a/src/lib/kadm5/srv/server_dict.c b/src/lib/kadm5/srv/server_dict.c index 53df800b9..4f41b0d41 100644 --- a/src/lib/kadm5/srv/server_dict.c +++ b/src/lib/kadm5/srv/server_dict.c @@ -102,8 +102,11 @@ int init_dict(kadm5_config_params *params) } else return errno; } - if (fstat(fd, &sb) == -1) + set_cloexec_fd(fd); + if (fstat(fd, &sb) == -1) { + close(fd); return errno; + } if ((word_block = (char *) malloc(sb.st_size + 1)) == NULL) return errno; if (read(fd, word_block, sb.st_size) != sb.st_size) diff --git a/src/lib/kdb/kdb_default.c b/src/lib/kdb/kdb_default.c index 34e8dc047..0e5880490 100644 --- a/src/lib/kdb/kdb_default.c +++ b/src/lib/kdb/kdb_default.c 
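Review bot: In init_dict the new `close(fd);` runs before `return errno;`, so a failing close() can overwrite the fstat() error the caller is meant to receive; save it first, e.g. `int e = errno; close(fd); return e;`. The malloc failure path just below in the same hunk still returns with fd open, so the descriptor leak this hunk fixes for fstat() remains on that path. init_dict continues past the end of the hunk, so its later error paths could not be checked here.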
@@ -1,7 +1,7 @@ /* * lib/kdb/kdb_helper.c * - * Copyright 1995 by the Massachusetts Institute of Technology. + * Copyright 1995, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -175,6 +175,7 @@ krb5_def_store_mkey(context, keyfile, mname, key, master_pwd) error_message (e), keyfile); return e; } + set_cloexec_file(kf); enctype = key->enctype; if ((fwrite((krb5_pointer) &enctype, 2, 1, kf) != 1) || @@ -222,6 +223,7 @@ krb5_db_def_fetch_mkey( krb5_context context, if (!(kf = fopen((db_args) ? db_args : defkeyfile, "r"))) #endif return KRB5_KDB_CANTREAD_STORED; + set_cloexec_file(kf); if (fread((krb5_pointer) &enctype, 2, 1, kf) != 1) { retval = KRB5_KDB_CANTREAD_STORED; diff --git a/src/lib/krb4/Makefile.in b/src/lib/krb4/Makefile.in index 8085a1db2..5faefaef7 100644 --- a/src/lib/krb4/Makefile.in +++ b/src/lib/krb4/Makefile.in @@ -515,10 +515,12 @@ tf_util.so tf_util.po $(OUTPRE)tf_util.$(OBJEXT): $(BUILDTOP)/include/autoconf.h krb4int.h tf_util.c dest_tkt.so dest_tkt.po $(OUTPRE)dest_tkt.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ $(SRCTOP)/include/kerberosIV/krb.h dest_tkt.c in_tkt.so in_tkt.po $(OUTPRE)in_tkt.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/k5-util.h $(SRCTOP)/include/kerberosIV/des.h \ $(SRCTOP)/include/kerberosIV/krb.h in_tkt.c tkt_string.so tkt_string.po $(OUTPRE)tkt_string.$(OBJEXT): \ 
@@ -550,15 +552,18 @@ unix_glue.so unix_glue.po $(OUTPRE)unix_glue.$(OBJEXT): \ krb4int.h unix_glue.c klog.so klog.po $(OUTPRE)klog.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ klog.c krb4int.h kuserok.so kuserok.po $(OUTPRE)kuserok.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ kuserok.c log.so log.po $(OUTPRE)log.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/klog.h \ $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ krb4int.h log.c @@ -617,9 +622,9 @@ cr_death_pkt.so cr_death_pkt.po $(OUTPRE)cr_death_pkt.$(OBJEXT): \ $(SRCTOP)/include/kerberosIV/prot.h cr_death_pkt.c put_svc_key.so put_svc_key.po $(OUTPRE)put_svc_key.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ - $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ - $(SRCTOP)/include/kerberosIV/krb.h $(SRCTOP)/include/port-sockets.h \ - krb4int.h put_svc_key.c + $(COM_ERR_DEPS) $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + $(SRCTOP)/include/kerberosIV/des.h $(SRCTOP)/include/kerberosIV/krb.h \ + $(SRCTOP)/include/port-sockets.h krb4int.h put_svc_key.c sendauth.so sendauth.po $(OUTPRE)sendauth.$(OBJEXT): \ $(BUILDTOP)/include/autoconf.h $(KRB_ERR_H_DEP) $(BUILDTOP)/include/profile.h \ $(COM_ERR_DEPS) $(SRCTOP)/include/kerberosIV/des.h \ 
diff --git a/src/lib/krb4/dest_tkt.c b/src/lib/krb4/dest_tkt.c index 4f7c1e377..69198ba6c 100644 --- a/src/lib/krb4/dest_tkt.c +++ b/src/lib/krb4/dest_tkt.c @@ -1,7 +1,7 @@ /* * lib/krb4/dest_tkt.c * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts + * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts * Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -32,6 +32,7 @@ #include "k5-util.h" #define do_seteuid krb5_seteuid +#include "k5-platform.h" #ifdef TKT_SHMEM #include <sys/param.h> @@ -102,6 +103,7 @@ dest_tkt() ret = (errno == ENOENT) ? RET_TKFIL : KFAILURE; goto out; } + set_cloexec_fd(fd); /* * Do some additional paranoid things. The worst-case situation * is that a user may be fooled into opening a non-regular file diff --git a/src/lib/krb4/g_cnffile.c b/src/lib/krb4/g_cnffile.c index dd5ed5c60..8ef38feef 100644 --- a/src/lib/krb4/g_cnffile.c +++ b/src/lib/krb4/g_cnffile.c @@ -41,6 +41,8 @@ krb__v5_get_file(s) &full_name); if (retval == 0 && full_name && full_name[0]) { cnffile = fopen(full_name[0],"r"); + if (cnffile) + set_cloexec_file(cnffile); for (cpp = full_name; *cpp; cpp++) krb5_xfree(*cpp); krb5_xfree(full_name); @@ -97,6 +99,8 @@ krb__get_cnffile() #ifdef ATHENA_CONF_FALLBACK if (!cnffile) cnffile = fopen(KRB_FB_CONF,"r"); #endif + if (cnffile) + set_cloexec_file(cnffile); return cnffile; } @@ -117,7 +121,8 @@ krb__get_realmsfile() if (!realmsfile) realmsfile = fopen(KRB_FB_RLM_TRANS, "r"); #endif + if (realmsfile) + set_cloexec_file(realmsfile); + return realmsfile; } - - diff --git a/src/lib/krb4/in_tkt.c b/src/lib/krb4/in_tkt.c index 26336e226..e2d071aec 100644 --- a/src/lib/krb4/in_tkt.c +++ b/src/lib/krb4/in_tkt.c 
@@ -1,7 +1,7 @@ /* * lib/krb4/in_tkt.c * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts + * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts * Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -49,6 +49,7 @@ extern int krb_debug; #include "k5-util.h" #define do_seteuid krb5_seteuid +#include "k5-platform.h" #ifndef O_SYNC #define O_SYNC 0 @@ -94,6 +95,8 @@ in_tkt(pname,pinst) return KFAILURE; /* file already exists, and permissions appear ok, so nuke it */ fd = open(file, O_RDWR|O_SYNC, 0); + if (fd >= 0) + set_cloexec_fd(fd); (void)unlink(file); if (me != metoo && do_seteuid(metoo) < 0) return KFAILURE; @@ -153,6 +156,8 @@ in_tkt(pname,pinst) ticket file. */ mask = umask(077); tktfile = open(file, O_RDWR|O_SYNC|O_CREAT|O_EXCL, 0600); + if (tktfile >= 0) + set_cloexec_fd(tktfile); umask(mask); if (me != metoo) { if (do_seteuid(metoo) < 0) { diff --git a/src/lib/krb4/kadm_net.c b/src/lib/krb4/kadm_net.c index a94aab846..89c87cc27 100644 --- a/src/lib/krb4/kadm_net.c +++ b/src/lib/krb4/kadm_net.c @@ -1,7 +1,7 @@ /* * lib/krb4/kadm_net.c * - * Copyright 1988, 2002 by the Massachusetts Institute of Technology. + * Copyright 1988, 2002, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -267,6 +267,7 @@ int kadm_cli_conn(Kadm_Client *client_parm) if ((client_parm->admin_fd = socket(client_parm->admin_addr.sin_family, SOCK_STREAM,0)) < 0) return KADM_NO_SOCK; /* couldnt create the socket */ + set_cloexec_fd(client_parm->admin_fd); if (SOCKET_CONNECT(client_parm->admin_fd, (struct sockaddr *) & client_parm->admin_addr, sizeof(client_parm->admin_addr))) { diff --git a/src/lib/krb4/klog.c b/src/lib/krb4/klog.c index 4e9661a89..b1cfa93b4 100644 --- a/src/lib/krb4/klog.c +++ b/src/lib/krb4/klog.c 
@@ -1,7 +1,7 @@ /* * lib/krb4/klog.c * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of + * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of * Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -36,6 +36,7 @@ #include "krb4int.h" #include <klog.h> +#include "k5-platform.h" static char *log_name = KRBLOG; static char logtxt[1000]; @@ -98,6 +99,7 @@ char * klog(type,format,a1,a2,a3,a4,a5,a6,a7,a8,a9,a0) if ((logfile = fopen(log_name,"a")) == NULL) return(logtxt); + set_cloexec_file(logfile); (void) time(&now); tm = localtime(&now); diff --git a/src/lib/krb4/kuserok.c b/src/lib/krb4/kuserok.c index 4078ec3c2..84a8ebde8 100644 --- a/src/lib/krb4/kuserok.c +++ b/src/lib/krb4/kuserok.c @@ -1,7 +1,7 @@ /* * lib/krb4/kuserok.c * - * Copyright 1987, 1988 by the Massachusetts Institute of Technology. + * Copyright 1987, 1988, 2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -45,6 +45,7 @@ /* just for F_OK for sco */ #include <sys/unistd.h> #endif +#include "k5-platform.h" #ifndef HAVE_SETEUID #ifdef HAVE_SETRESUID @@ -135,6 +136,7 @@ kuserok(kdata, luser) return(NOTOK); } } + set_cloexec_file(fp); /* * security: if the user does not own his own .klogin file, * do not grant access diff --git a/src/lib/krb4/log.c b/src/lib/krb4/log.c index ada6fdfe0..5be69eaf5 100644 --- a/src/lib/krb4/log.c +++ b/src/lib/krb4/log.c @@ -1,7 +1,7 @@ /* * lib/krb4/log.c * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute of + * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute of * Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -43,6 +43,7 @@ #include "krb4int.h" #include <klog.h> +#include "k5-platform.h" static char *log_name = KRBLOG; #if 0 
@@ -80,6 +81,7 @@ void krb_log(const char *format,...) va_start(args, format); if ((logfile = fopen(log_name,"a")) != NULL) { + set_cloexec_file(logfile); (void) time(&now); tm = localtime(&now); @@ -128,6 +130,7 @@ krb_new_log(t,string) if (!is_open) { if ((logfile = fopen(log_name,"a")) == NULL) return(1); + set_cloexec_file(logfile); is_open = 1; } diff --git a/src/lib/krb4/put_svc_key.c b/src/lib/krb4/put_svc_key.c index dda60163d..53e53c71a 100644 --- a/src/lib/krb4/put_svc_key.c +++ b/src/lib/krb4/put_svc_key.c @@ -32,6 +32,7 @@ #ifdef HAVE_UNISTD_H #include <unistd.h> #endif +#include "k5-platform.h" #define KEYSZ sizeof(C_Block) /* strict put_svc_key. @@ -58,6 +59,7 @@ put_svc_key(sfile,name,inst,realm,newvno,key) if ((fd = open(sfile, O_RDWR)) < 0) return KFAILURE; + set_cloexec_fd(fd); while(getst(fd,fname,SNAME_SZ) > 0) { getst(fd,finst,INST_SZ); diff --git a/src/lib/krb4/rd_svc_key.c b/src/lib/krb4/rd_svc_key.c index 2728f4a1c..8aeb0999b 100644 --- a/src/lib/krb4/rd_svc_key.c +++ b/src/lib/krb4/rd_svc_key.c @@ -1,7 +1,7 @@ /* * rd_svc_key.c * - * Copyright 1985, 1986, 1987, 1988 by the Massachusetts Institute + * Copyright 1985, 1986, 1987, 1988, 2007 by the Massachusetts Institute * of Technology. * * For copying and distribution information, please see the file @@ -283,6 +283,7 @@ get_service_key(service,instance,realm,kvno,file,key) if ((stab = open(file, 0, 0)) < 0) return(KFAILURE); + set_cloexec_fd(stab); wcard = (instance[0] == '*') && (instance[1] == '\0'); /* get current realm if not passed in */ diff --git a/src/lib/krb4/tf_shm.c b/src/lib/krb4/tf_shm.c index bd08f7f72..2b040713c 100644 --- a/src/lib/krb4/tf_shm.c +++ b/src/lib/krb4/tf_shm.c @@ -1,7 +1,7 @@ /* * tf_shm.c * - * Copyright 1988 by the Massachusetts Institute of Technology. + * Copyright 1988, 2007 by the Massachusetts Institute of Technology. * * For copying and distribution information, please see the file * <mit-copyright.h>. 
@@ -86,7 +86,8 @@ char *file_name; perror("krb_shm_create file"); (void) shmctl(shmid, IPC_RMID, 0); return(KFAILURE); /* XXX */ - } + } + set_cloexec_file(sfile); if (fchmod(fileno(sfile),0600) < 0) { if (krb_debug) perror("krb_shm_create fchmod"); @@ -147,6 +148,7 @@ char *file; perror("cannot open shared memory file"); return(KFAILURE); /* XXX */ } + set_cloexec_file(sfile); if (fscanf(sfile,"%d",&shmid) == 1) { if (shmctl(shmid,IPC_RMID,0) != 0) { if (krb_debug) diff --git a/src/lib/krb4/tf_util.c b/src/lib/krb4/tf_util.c index b083c73b8..0bc05d75d 100644 --- a/src/lib/krb4/tf_util.c +++ b/src/lib/krb4/tf_util.c @@ -1,7 +1,7 @@ /* * lib/krb4/tf_util.c * - * Copyright 1985, 1986, 1987, 1988, 2000, 2001 by the Massachusetts + * Copyright 1985, 1986, 1987, 1988, 2000, 2001, 2007 by the Massachusetts * Institute of Technology. All Rights Reserved. * * Export of this software from the United States of America may @@ -419,6 +419,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw) return KFAILURE; sfp = fopen(shmidname, "r"); /* only need read/write on the actual tickets */ + if (sfp != 0) + set_cloexec_file(sfp); if (me != metoo && do_seteuid(metoo) < 0) return KFAILURE; if (sfp == 0) { @@ -512,6 +514,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw) if (me != metoo && do_seteuid(me) < 0) return KFAILURE; fd = open(tf_name, O_RDWR, 0600); + if (fd >= 0) + set_cloexec_fd(fd); if (me != metoo && do_seteuid(metoo) < 0) return KFAILURE; if (fd < 0) { @@ -572,6 +576,8 @@ int KRB5_CALLCONV tf_init(tf_name, rw) if (me != metoo && do_seteuid(me) < 0) return KFAILURE; fd = open(tf_name, O_RDONLY, 0600); + if (fd >= 0) + set_cloexec_fd(fd); if (me != metoo && do_seteuid(metoo) < 0) return KFAILURE; if (fd < 0) { diff --git a/src/lib/krb4/win_store.c b/src/lib/krb4/win_store.c index 74c79ac5a..9c2c37aa9 100644 --- a/src/lib/krb4/win_store.c +++ b/src/lib/krb4/win_store.c 
@@ -75,6 +75,8 @@ krb__get_cnffile() cnfname, sizeof(cnfname) - 1, KERBEROS_INI); cnffile = fopen(cnfname, "r"); + if (cnffile) + set_cloexec_file(cnffile); return cnffile; } @@ -109,6 +111,8 @@ krb__get_realmsfile() realmsname, sizeof(realmsname) - 1, KERBEROS_INI); realmsfile = fopen(realmsname, "r"); + if (realmsfile) + set_cloexec_file(realmsfile); return realmsfile; } diff --git a/src/lib/krb5/ccache/cc_file.c b/src/lib/krb5/ccache/cc_file.c index 9abf93f3d..62061497a 100644 --- a/src/lib/krb5/ccache/cc_file.c +++ b/src/lib/krb5/ccache/cc_file.c @@ -1252,6 +1252,7 @@ krb5_fcc_open_file (krb5_context context, krb5_ccache id, int mode) return krb5_fcc_interpret (context, errno); } } + set_cloexec_fd(f); data->mode = mode; @@ -1560,6 +1561,7 @@ krb5_fcc_destroy(krb5_context context, krb5_ccache id) kret = krb5_fcc_interpret(context, errno); goto cleanup; } + set_cloexec_fd(ret); data->file = ret; } else @@ -1980,6 +1982,7 @@ krb5_fcc_generate_new (krb5_context context, krb5_ccache *id) k5_mutex_unlock(&krb5int_cc_file_mutex); return krb5_fcc_interpret(context, errno); } + set_cloexec_fd(ret); /* Allocate memory */ data = (krb5_pointer) malloc(sizeof(krb5_fcc_data)); diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c index e6e04e326..1baa80096 100644 --- a/src/lib/krb5/keytab/kt_file.c +++ b/src/lib/krb5/keytab/kt_file.c @@ -1156,6 +1156,7 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode) } } } + set_cloexec_file(KTFILEP(id)); if ((kerror = krb5_lock_file(context, fileno(KTFILEP(id)), mode))) { (void) fclose(KTFILEP(id)); KTFILEP(id) = 0; diff --git a/src/lib/krb5/keytab/kt_srvtab.c b/src/lib/krb5/keytab/kt_srvtab.c index 5a80f32f9..e3dd00926 100644 --- a/src/lib/krb5/keytab/kt_srvtab.c +++ b/src/lib/krb5/keytab/kt_srvtab.c 
@@ -1,7 +1,7 @@ /* * lib/krb5/keytab/srvtab/kts_resolv.c * - * Copyright 1990,1991,2002 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2002,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -411,6 +411,7 @@ krb5_ktsrvint_open(krb5_context context, krb5_keytab id) KTFILEP(id) = fopen(KTFILENAME(id), READ_MODE); if (!KTFILEP(id)) return errno; + set_cloexec_file(KTFILEP(id)); return 0; } diff --git a/src/lib/krb5/os/kuserok.c b/src/lib/krb5/os/kuserok.c index 1505c82cd..719faaebe 100644 --- a/src/lib/krb5/os/kuserok.c +++ b/src/lib/krb5/os/kuserok.c @@ -1,7 +1,7 @@ /* * lib/krb5/os/kuserok.c * - * Copyright 1990,1993 by the Massachusetts Institute of Technology. + * Copyright 1990,1993,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -110,6 +110,7 @@ krb5_kuserok(krb5_context context, krb5_principal principal, const char *luser) free(princname); return(FALSE); } + set_cloexec_file(fp); /* * For security reasons, the .k5login file must be owned either by * the user himself, or by root. Otherwise, don't grant access. diff --git a/src/lib/krb5/os/localaddr.c b/src/lib/krb5/os/localaddr.c index 75953b1f3..e139ca4d3 100644 --- a/src/lib/krb5/os/localaddr.c +++ b/src/lib/krb5/os/localaddr.c @@ -1,7 +1,7 @@ /* * lib/krb5/os/localaddr.c * - * Copyright 1990,1991,2000,2001,2002,2004 by the Massachusetts Institute of Technology. + * Copyright 1990,1991,2000,2001,2002,2004,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -363,6 +363,7 @@ get_linux_ipv6_addrs () int i; unsigned int addrbyte[16]; + set_cloexec_file(f); while (fscanf(f, "%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x%2x" " %2x %2x %2x %2x %20s\n", 
@@ -543,6 +544,7 @@ foreach_localaddr (/*@null@*/ void *data, Tperror ("socket"); continue; } + set_cloexec_fd(P.sock); P.lifnum.lifn_family = P.af; P.lifnum.lifn_flags = 0; @@ -718,6 +720,7 @@ foreach_localaddr (/*@null@*/ void *data, Tperror ("socket"); continue; } + set_cloexec_fd(P.sock); code = ioctl (P.sock, SIOCGLIFNUM, &P.if_num); if (code) { @@ -939,6 +942,7 @@ foreach_localaddr (/*@null@*/ void *data, s = socket (USE_AF, USE_TYPE, USE_PROTO); if (s < 0) return SOCKET_ERRNO; + set_cloexec_fd(s); retval = get_ifreq_array(&buf, &n, s); if (retval) { @@ -1450,6 +1454,7 @@ static struct hostent *local_addr_fallback_kludge() sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock == INVALID_SOCKET) return NULL; + set_cloexec_fd(sock); /* connect to arbitrary port and address (NOT loopback) */ addr.sin_family = AF_INET; diff --git a/src/lib/krb5/os/prompter.c b/src/lib/krb5/os/prompter.c index 739c8c747..36803ecaf 100644 --- a/src/lib/krb5/os/prompter.c +++ b/src/lib/krb5/os/prompter.c @@ -60,6 +60,7 @@ krb5_prompter_posix( fd = dup(STDIN_FILENO); if (fd < 0) return KRB5_LIBOS_CANTREADPWD; + set_cloexec_fd(fd); fp = fdopen(fd, "r"); if (fp == NULL) goto cleanup; diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c index 999274736..050aec5f9 100644 --- a/src/lib/krb5/os/sendto_kdc.c +++ b/src/lib/krb5/os/sendto_kdc.c @@ -677,6 +677,7 @@ start_connection (struct conn_state *state, dprint("socket: fd %d too high\n", fd); return -1; } + set_cloexec_fd(fd); /* Make it non-blocking. */ if (ai->ai_socktype == SOCK_STREAM) { static const int one = 1; diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 32357283e..b76a8dd0c 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -143,6 +143,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) goto cleanup; } } + set_cloexec_fd(d->fd); retval = krb5_rc_io_write(context, d, (krb5_pointer)&rc_vno, sizeof(rc_vno)); if (retval) 
@@ -239,6 +240,7 @@ krb5_rc_io_open_internal(krb5_context context, krb5_rc_iostuff *d, char *fn, goto cleanup; } } + set_cloexec_fd(d->fd); do_not_unlink = 0; retval = krb5_rc_io_read(context, d, (krb5_pointer) &rc_vno, @@ -341,6 +343,7 @@ krb5_rc_io_move(krb5_context context, krb5_rc_iostuff *new1, (void) krb5_rc_io_close(context, new1); new1->fn = fn; new1->fd = dup(old->fd); + set_cloexec_fd(new1->fd); return 0; #endif } diff --git a/src/lib/rpc/Makefile.in b/src/lib/rpc/Makefile.in index 729290ad6..286b65d5e 100644 --- a/src/lib/rpc/Makefile.in +++ b/src/lib/rpc/Makefile.in 
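Review bot: In krb5_rc_io_move the return value of `dup(old->fd)` is not checked before `set_cloexec_fd(new1->fd)`, so on failure the helper is called with -1 and the function still returns 0 with an unusable descriptor stored in new1. Other hunks in this patch guard the call (`if (fd >= 0) set_cloexec_fd(fd);` in in_tkt.c); here a failed dup() should also become an error return rather than success. The hunk shows only the tail of the function, inside a preprocessor branch whose condition lies outside the hunk.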
@@ -402,14 +402,16 @@ pmap_prot2.so pmap_prot2.po $(OUTPRE)pmap_prot2.$(OBJEXT): \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ pmap_prot2.c pmap_rmt.so pmap_rmt.po $(OUTPRE)pmap_rmt.$(OBJEXT): \ - $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ - $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ - $(SRCTOP)/include/gssrpc/auth_unix.h $(SRCTOP)/include/gssrpc/clnt.h \ - $(SRCTOP)/include/gssrpc/pmap_clnt.h $(SRCTOP)/include/gssrpc/pmap_prot.h \ - $(SRCTOP)/include/gssrpc/pmap_rmt.h $(SRCTOP)/include/gssrpc/rename.h \ - $(SRCTOP)/include/gssrpc/rpc.h $(SRCTOP)/include/gssrpc/rpc_msg.h \ - $(SRCTOP)/include/gssrpc/svc.h $(SRCTOP)/include/gssrpc/svc_auth.h \ - $(SRCTOP)/include/gssrpc/xdr.h pmap_rmt.c + $(BUILDTOP)/include/autoconf.h $(BUILDTOP)/include/gssapi/gssapi.h \ + $(BUILDTOP)/include/gssrpc/types.h $(SRCTOP)/include/gssrpc/auth.h \ + $(SRCTOP)/include/gssrpc/auth_gss.h $(SRCTOP)/include/gssrpc/auth_unix.h \ + $(SRCTOP)/include/gssrpc/clnt.h $(SRCTOP)/include/gssrpc/pmap_clnt.h \ + $(SRCTOP)/include/gssrpc/pmap_prot.h $(SRCTOP)/include/gssrpc/pmap_rmt.h \ + $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ + $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ + $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ + pmap_rmt.c rpc_prot.so rpc_prot.po $(OUTPRE)rpc_prot.$(OBJEXT): \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ $(SRCTOP)/include/gssrpc/auth.h $(SRCTOP)/include/gssrpc/auth_gss.h \ 
@@ -514,6 +516,7 @@ svc_tcp.so svc_tcp.po $(OUTPRE)svc_tcp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ svc_tcp.c svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \ $(BUILDTOP)/include/gssapi/gssapi.h $(BUILDTOP)/include/gssrpc/types.h \ @@ -522,6 +525,7 @@ svc_udp.so svc_udp.po $(OUTPRE)svc_udp.$(OBJEXT): $(BUILDTOP)/include/autoconf.h $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/rpc.h \ $(SRCTOP)/include/gssrpc/rpc_msg.h $(SRCTOP)/include/gssrpc/svc.h \ $(SRCTOP)/include/gssrpc/svc_auth.h $(SRCTOP)/include/gssrpc/xdr.h \ + $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-thread.h \ svc_udp.c xdr.so xdr.po $(OUTPRE)xdr.$(OBJEXT): $(BUILDTOP)/include/gssrpc/types.h \ $(SRCTOP)/include/gssrpc/rename.h $(SRCTOP)/include/gssrpc/xdr.h \ diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index 871c8fcb1..884a19b70 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -90,6 +90,7 @@ get_myaddress(struct sockaddr_in *addr) perror("get_myaddress: socket"); exit(1); } + set_cloexec_fd(s); ifc.ifc_len = sizeof (buf); ifc.ifc_buf = buf; if (ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0) { diff --git a/src/lib/rpc/getrpcent.c b/src/lib/rpc/getrpcent.c index a91a7a5bb..065403937 100644 --- a/src/lib/rpc/getrpcent.c +++ b/src/lib/rpc/getrpcent.c @@ -125,9 +125,11 @@ SETRPCENT_TYPE setrpcent(int f) if (d == 0) return; - if (d->rpcf == NULL) + if (d->rpcf == NULL) { d->rpcf = fopen(RPCDB, "r"); - else + if (d->rpcf) + set_cloexec_file(d->rpcf); + } else rewind(d->rpcf); if (d->current) free(d->current); 
@@ -162,9 +164,12 @@ getrpcent(void) if (d == 0) return(NULL); - if (d->rpcf == NULL && (d->rpcf = fopen(RPCDB, "r")) == NULL) + if (d->rpcf == NULL) { + if ((d->rpcf = fopen(RPCDB, "r")) == NULL) return (NULL); - if (fgets(d->line, BUFSIZ, d->rpcf) == NULL) + set_cloexec_file(d->rpcf); + } + if (fgets(d->line, BUFSIZ, d->rpcf) == NULL) return (NULL); return interpret(d->line, strlen(d->line)); } diff --git a/src/lib/rpc/pmap_rmt.c b/src/lib/rpc/pmap_rmt.c index 062a5e19f..71804ab7e 100644 --- a/src/lib/rpc/pmap_rmt.c +++ b/src/lib/rpc/pmap_rmt.c @@ -59,6 +59,7 @@ static char sccsid[] = "@(#)pmap_rmt.c 1.21 87/08/27 Copyr 1984 Sun Micro"; #include <arpa/inet.h> #define MAX_BROADCAST_SIZE 1400 #include <string.h> +#include "k5-platform.h" /* set_cloexec_fd */ static struct timeval timeout = { 3, 0 }; @@ -278,6 +279,7 @@ clnt_broadcast( stat = RPC_CANTSEND; goto done_broad; } + set_cloexec_fd(sock); #ifdef SO_BROADCAST if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, (char *) &on, sizeof (on)) < 0) { diff --git a/src/lib/rpc/svc_tcp.c b/src/lib/rpc/svc_tcp.c index d49cf3672..e48d50455 100644 --- a/src/lib/rpc/svc_tcp.c +++ b/src/lib/rpc/svc_tcp.c @@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_tcp.c 1.21 87/08/11 Copyr 1984 Sun Micro"; #include <errno.h> #include <stdlib.h> #include "autoconf.h" +#include "k5-platform.h" /* set_cloexec_fd */ /*extern bool_t abort(); extern errno; */ @@ -143,6 +144,7 @@ svctcp_create( perror("svctcp_.c - udp socket creation problem"); return ((SVCXPRT *)NULL); } + set_cloexec_fd(sock); madesock = TRUE; } memset((char *)&addr, 0, sizeof (addr)); @@ -261,6 +263,7 @@ rendezvous_request( goto again; return (FALSE); } + set_cloexec_fd(sock); if (getsockname(sock, &laddr, &llen) < 0) return (FALSE); diff --git a/src/lib/rpc/svc_udp.c b/src/lib/rpc/svc_udp.c index 49c555fe2..de1b30f4f 100644 --- a/src/lib/rpc/svc_udp.c +++ b/src/lib/rpc/svc_udp.c 
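Review bot: In rendezvous_request (svc_tcp.c) the accepted socket is not closed when `getsockname(sock, &laddr, &llen)` fails right after the new `set_cloexec_fd(sock)`; the function returns FALSE and the descriptor is lost. In a long-running RPC service every such failure costs one descriptor for the life of the process. Closing it on that path, `if (getsockname(sock, &laddr, &llen) < 0) { (void) close(sock); return (FALSE); }`, would match the cleanup this patch adds in prng.c and server_dict.c. The rest of the function is outside the hunk.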
@@ -49,6 +49,7 @@ static char sccsid[] = "@(#)svc_udp.c 1.24 87/08/11 Copyr 1984 Sun Micro"; #ifdef HAVE_SYS_UIO_H #include <sys/uio.h> #endif +#include "k5-platform.h" #define rpc_buffer(xprt) ((xprt)->xp_p1) @@ -118,6 +119,7 @@ svcudp_bufcreate( perror("svcudp_create: socket creation problem"); return ((SVCXPRT *)NULL); } + set_cloexec_fd(sock); madesock = TRUE; } memset((char *)&addr, 0, sizeof (addr)); |
