On Mon, Oct 23 2017, Jeremie Courreges-Anglas <j...@wxcvbn.org> wrote: > On Mon, Oct 23 2017, "Todd C. Miller" <todd.mil...@courtesan.com> wrote: >> On Mon, 23 Oct 2017 09:05:48 +0200, Jeremie Courreges-Anglas wrote: >> >>> That doesn't work. When here, we hold cronSock and dfd (should be 3 and >>> 4). We need dfd to get fd (should be 5), thus we can't just use >>> "closefrom(3)". The straightest way IMO is to close what we should >>> close (including dfd), but this means making cronSock a global. >> >> OK millert@ >> >>> I would also propose sprinkling more O_CLOEXEC magic but that can be in >>> another diff. >> >> Sure. > > Here it is. Liberal use of O_CLOEXEC except for poke_daemon() which is > more obvious (but I can add it there too if you prefer). cronSock > already uses SOCK_CLOEXEC. > > ok?
Note: there may be others places where we could use close-on-exec mode "e" for fopen, not sure about this yet. Feel free to beat me to it. :) > > Index: atrun.c > =================================================================== > RCS file: /cvs/src/usr.sbin/cron/atrun.c,v > retrieving revision 1.47 > diff -u -p -r1.47 atrun.c > --- atrun.c 23 Oct 2017 15:15:22 -0000 1.47 > +++ atrun.c 23 Oct 2017 15:26:45 -0000 > @@ -83,7 +83,8 @@ scan_atjobs(at_db **db, struct timespec > struct dirent *file; > struct stat sb; > > - if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1) { > + dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY|O_CLOEXEC); > + if (dfd == -1) { > syslog(LOG_ERR, "(CRON) OPEN FAILED (%s)", _PATH_AT_SPOOL); > return (0); > } > @@ -175,7 +176,8 @@ atrun(at_db *db, double batch_maxload, t > if (db == NULL) > return; > > - if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1) { > + dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY|O_CLOEXEC); > + if (dfd == -1) { > syslog(LOG_ERR, "(CRON) OPEN FAILED (%s)", _PATH_AT_SPOOL); > return; > } > @@ -262,7 +264,8 @@ run_job(const atjob *job, int dfd, const > char *nargv[2], *nenvp[1]; > > /* Open the file and unlink it so we don't try running it again. */ > - if ((fd = openat(dfd, atfile, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < 0) { > + fd = openat(dfd, atfile, O_RDONLY|O_NONBLOCK|O_NOFOLLOW|O_CLOEXEC, 0); > + if (fd == -1) { > syslog(LOG_ERR, "(CRON) CAN'T OPEN (%s)", atfile); > return; > } > Index: database.c > =================================================================== > RCS file: /cvs/src/usr.sbin/cron/database.c,v > retrieving revision 1.35 > diff -u -p -r1.35 database.c > --- database.c 7 Jun 2017 23:36:43 -0000 1.35 > +++ database.c 23 Oct 2017 15:26:45 -0000 > @@ -182,7 +182,8 @@ process_crontab(int dfd, const char *una > goto next_crontab; > } > > - crontab_fd = openat(dfd, fname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW); > + crontab_fd = openat(dfd, fname, > + O_RDONLY|O_NONBLOCK|O_NOFOLLOW|O_CLOEXEC); > if (crontab_fd < 0) { > /* crontab not accessible? > */ -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE