authorSimon McVittie <smcv@debian.org>2015-08-19 23:47:40 +0100
committerSimon McVittie <smcv@debian.org>2015-08-25 16:42:48 +0100
commit8142d161f6727f4d0ab42eed64e1ba1949ef77db (patch)
treefcbb974b220a559b13495b9afc52ce8e19694afe
parent0a0206d9a63333dada18a3db966b80e6940aa021 (diff)
downloaddbus-8142d161f6727f4d0ab42eed64e1ba1949ef77db.tar.gz
audit: make the first few fds close-on-exec
libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization. test-bus asserts that all fds beyond 2 passed to an executed subprocess have the close-on-exec flag set, which will fail at that leaked fd. This was unnoticed until commit 517c4685, because libaudit was previously only initialized if we were configured to switch uid, which the regression tests do not do; the system bus is normally the only place that happens, but the system bus is not normally run with the "embedded tests" enabled (since they are bad for performance and security). Bug: https://bugs.freedesktop.org/show_bug.cgi?id=91684 Reviewed-by: Philip Withnall <philip.withnall@collabora.co.uk>
-rw-r--r--bus/audit.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/bus/audit.c b/bus/audit.c
index 954afa71..7705e425 100644
--- a/bus/audit.c
+++ b/bus/audit.c
@@ -52,8 +52,15 @@ void
bus_audit_init (BusContext *context)
{
#ifdef HAVE_LIBAUDIT
+ int i;
+
capng_get_caps_process ();
+ /* Work around a bug in libcap-ng < 0.7.7: it leaks a fd, which isn't
+ * close-on-exec. Assume it will be one of the first few fds. */
+ for (i = 3; i < 42; i++)
+ _dbus_fd_set_close_on_exec (i);
+
if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_AUDIT_WRITE))
return;
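Review bot: The upper bound `42` in the loop after `capng_get_caps_process ()` is an unexplained heuristic. If the process already holds more descriptors than that when bus_audit_init runs, the fd leaked by libcap-ng would presumably land above 41 and stay inheritable by anything the daemon later executes. The loop also sets the flag on every unrelated descriptor in 3..41; per the commit message that matches what test-bus expects, but the comment should say it is intentional. I would name the bound and record both the limit and the removal condition, e.g. `/* Heuristic: only fds 3..41 are covered, and every fd in that range becomes close-on-exec; drop this once libcap-ng >= 0.7.7 is required. */`. The body of bus_audit_init continues outside the hunk, so whether later calls there open further descriptors cannot be checked from here.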