shithub: riscv

Download patch

ref: f433f1426b10dc7bdd313ee72b842e27089f88f1
parent: f341ae8c777dda2876beb4d4a1c67c4e920595ca
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Mon Dec 7 11:46:34 EST 2020 

libauth: open internal file-descriptors with OCEXEC flag


--- a/sys/src/libauth/auth_challenge.c
+++ b/sys/src/libauth/auth_challenge.c
@@ -23,7 +23,7 @@
 		return nil;
 	}
 
-	if((c->afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
+	if((c->afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0){
 	Error:
 		auth_freechal(c);
 		free(p);
--- a/sys/src/libauth/auth_chuid.c
+++ b/sys/src/libauth/auth_chuid.c
@@ -16,7 +16,7 @@
 	}
 
 	/* change uid */
-	fd = open("#¤/capuse", OWRITE);
+	fd = open("#¤/capuse", OWRITE|OCEXEC);
 	if(fd < 0){
 		werrstr("opening #¤/capuse: %r");
 		return -1;
@@ -29,10 +29,10 @@
 	}
 
 	/* get a link to factotum as new user */
-	fd = open("/srv/factotum", ORDWR);
+	fd = open("/srv/factotum", ORDWR|OCEXEC);
 	if(fd >= 0){
-		mount(fd, -1, "/mnt", MREPL, "");
-		close(fd);
+		if(mount(fd, -1, "/mnt", MREPL, "") == -1)
+			close(fd);
 	}
 
 	/* set up new namespace */
--- a/sys/src/libauth/auth_getuserpasswd.c
+++ b/sys/src/libauth/auth_getuserpasswd.c
@@ -32,12 +32,11 @@
 	UserPasswd *up;
 
 	up = nil;
-	rpc = nil;
 	params = nil;
 
-	fd = open("/mnt/factotum/rpc", ORDWR);
+	fd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 	if(fd < 0)
-		goto out;
+		return nil;
 	rpc = auth_allocrpc(fd);
 	if(rpc == nil)
 		goto out;
@@ -69,7 +68,7 @@
 
 out:
 	free(params);
-	auth_freerpc(rpc);
 	close(fd);
+	auth_freerpc(rpc);
 	return up;
 }
--- a/sys/src/libauth/auth_proxy.c
+++ b/sys/src/libauth/auth_proxy.c
@@ -200,7 +200,7 @@
 	va_end(arg);
 
 	ai = nil;
-	afd = open("/mnt/factotum/rpc", ORDWR);
+	afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 	if(afd < 0){
 		werrstr("opening /mnt/factotum/rpc: %r");
 		free(p);
--- a/sys/src/libauth/auth_respond.c
+++ b/sys/src/libauth/auth_respond.c
@@ -31,7 +31,7 @@
 	AuthRpc *rpc;
 	Attr *a;
 
-	if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0)
+	if((afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0)
 		return -1;
 	
 	if((rpc = auth_allocrpc(afd)) == nil){
--- a/sys/src/libauth/auth_userpasswd.c
+++ b/sys/src/libauth/auth_userpasswd.c
@@ -11,7 +11,7 @@
 	char *s;
 	int afd;
 
-	afd = open("/mnt/factotum/rpc", ORDWR);
+	afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 	if(afd < 0)
 		return nil;
 	ai = nil;
--- a/sys/src/libauth/newns.c
+++ b/sys/src/libauth/newns.c
@@ -41,7 +41,7 @@
 
 	rpc = nil;
 	/* try for factotum now because later is impossible */
-	afd = open("/mnt/factotum/rpc", ORDWR);
+	afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 	if(afd < 0 && newnsdebug)
 		fprint(2, "open /mnt/factotum/rpc: %r\n");
 	if(afd >= 0){
@@ -58,8 +58,8 @@
 		}
 		file = "/lib/namespace";
 	}
-	b = Bopen(file, OREAD);
-	if(b == 0){
+	b = Bopen(file, OREAD|OCEXEC);
+	if(b == nil){
 		werrstr("can't open %s: %r", file);
 		return freecloserpc(rpc);
 	}
@@ -135,6 +135,8 @@
 			auth_freeAI(ai);
 	}
 	ret = mount(fd, afd, mntpt, flags, aname);
+	if(ret == -1)
+		close(fd);
 	if(afd >= 0)
 		close(afd);
 	return ret;
@@ -151,7 +153,7 @@
 
 	cdroot = 0;
 	flags = 0;
-	argv0 = 0;
+	argv0 = nil;
 	if(newnsdebug){
 		for (i = 0; i < argc; i++)
 			fprint(2, "%s ", argv[i]);
@@ -176,7 +178,7 @@
 		flags |= MREPL;
 
 	if(strcmp(argv0, ".") == 0 && argc == 1){
-		b = Bopen(argv[0], OREAD);
+		b = Bopen(argv[0], OREAD|OCEXEC);
 		if(b == nil)
 			return 0;
 		cdroot |= nsfile(fn, b, rpc);
@@ -192,7 +194,7 @@
 		else if(argc == 2)
 			unmount(argv[0], argv[1]);
 	}else if(strcmp(argv0, "mount") == 0){
-		fd = open(argv[0], ORDWR);
+		fd = open(argv[0], ORDWR|OCEXEC);
 		if(fd < 0){
 			if(newnsdebug)
 				fprint(2, "%s: mount: %s: %r\n", fn, argv[0]);
@@ -204,8 +206,9 @@
 		}else if(argc == 3){
 			if(famount(fd, rpc, argv[1], flags, argv[2]) == -1 && newnsdebug)
 				fprint(2, "%s: mount: %s %s %s: %r\n", fn, argv[0], argv[1], argv[2]);
+		} else {
+			close(fd);
 		}
-		close(fd);
 	}else if(strcmp(argv0, "cd") == 0 && argc == 1){
 		if(chdir(argv[0]) == 0 && *argv[0] == '/')
 			cdroot = 1;
@@ -316,7 +319,7 @@
 		strcpy(env, "#e/");
 		strncpy(env+3, p, len);
 		env[3+len] = '\0';
-		fd = open(env, OREAD);
+		fd = open(env, OREAD|OCEXEC);
 		if(fd >= 0){
 			len = read(fd, &buf[n], ANAMELEN - 1);
 			/* some singleton environment variables have trailing NULs */
@@ -345,7 +348,7 @@
 	long s;
 
 	sprint(ename, "#e/%s", name);
-	f = create(ename, OWRITE, 0664);
+	f = create(ename, OWRITE|OCEXEC, 0664);
 	if(f < 0)
 		return -1;
 	s = strlen(val);
--- a/sys/src/libauth/noworld.c
+++ b/sys/src/libauth/noworld.c
@@ -15,7 +15,7 @@
 	char *p;
 	int n;
 
-	b = Bopen("/adm/users", OREAD);
+	b = Bopen("/adm/users", OREAD|OCEXEC);
 	if(b == nil)
 		return 0;
 	while((p = Brdline(b, '\n')) != nil){
--