diff options
author | Simon McVittie <smcv@debian.org> | 2015-08-19 23:47:40 +0100 |
---|---|---|
committer | Simon McVittie <smcv@debian.org> | 2015-08-25 16:42:48 +0100 |
commit | 8142d161f6727f4d0ab42eed64e1ba1949ef77db (patch) | |
tree | fcbb974b220a559b13495b9afc52ce8e19694afe | |
parent | 0a0206d9a63333dada18a3db966b80e6940aa021 (diff) | |
download | dbus-8142d161f6727f4d0ab42eed64e1ba1949ef77db.tar.gz |
audit: make the first few fds close-on-exec
libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization.
test-bus asserts that all fds beyond 2 passed to an executed subprocess
have the close-on-exec flag set, which will fail at that leaked fd.
This was unnoticed until commit 517c4685, because libaudit was
previously only initialized if we were configured to switch uid,
which the regression tests do not do; the system bus is normally
the only place that happens, but the system bus is not normally
run with the "embedded tests" enabled (since they are bad
for performance and security).
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684
Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
-rw-r--r-- | bus/audit.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/bus/audit.c b/bus/audit.c index 954afa71..7705e425 100644 --- a/bus/audit.c +++ b/bus/audit.c @@ -52,8 +52,15 @@ void bus_audit_init (BusContext *context) { #ifdef HAVE_LIBAUDIT + int i; + capng_get_caps_process (); + /* Work around a bug in libcap-ng < 0.7.7: it leaks a fd, which isn't + * close-on-exec. Assume it will be one of the first few fds. */ + for (i = 3; i < 42; i++) + _dbus_fd_set_close_on_exec (i); + if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) return; |