diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:36 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-26 16:18:36 +0000 |
| commit | 6c3ea4f47ea280811a7fe53a22f7832e4533c9ec (patch) | |
| tree | 3d7ed5da23b5dbf6f9e450dfb61642832249c31e /lib/fd.c | |
| parent | Adding upstream version 1:4.13+dfsg1. (diff) | |
| download | shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.tar.xz shadow-6c3ea4f47ea280811a7fe53a22f7832e4533c9ec.zip | |
Adding upstream version 1:4.15.2.upstream/1%4.15.2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
| -rw-r--r-- | lib/fd.c | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/lib/fd.c b/lib/fd.c new file mode 100644 index 0000000..bcfa374 --- /dev/null +++ b/lib/fd.c @@ -0,0 +1,41 @@ +// SPDX-FileCopyrightText: 2024, Skyler Ferrante <sjf5462@rit.edu> +// SPDX-License-Identifier: BSD-3-Clause + +/** + * To protect against file descriptor omission attacks, we open the std file + * descriptors with /dev/null if they are not already open. Code is based on + * fix_fds from sudo.c. + */ + +#include <fcntl.h> +#include <stdlib.h> +#include <unistd.h> + +#include "prototypes.h" + +static void check_fd(int fd); + +void +check_fds(void) +{ + /** + * Make sure stdin, stdout, stderr are open + * If they are closed, set them to /dev/null + */ + check_fd(STDIN_FILENO); + check_fd(STDOUT_FILENO); + check_fd(STDERR_FILENO); +} + +static void +check_fd(int fd) +{ + int devnull; + + if (fcntl(fd, F_GETFL, 0) != -1) + return; + + devnull = open("/dev/null", O_RDWR); + if (devnull != fd) + abort(); +} |