authorPhilip Guenthe <guenther@cvs.openbsd.org>2012-08-23 00:08:37 +0000
committerPhilip Guenthe <guenther@cvs.openbsd.org>2012-08-23 00:08:37 +0000
commit0f00c9bf52870a9dbcbd3d7fcc0b9c42b7b8598e (patch)
tree099f2772294f68fa662748353f8106b5ef3d07c9 /bin
parent1f26125669866612ffdb6de97081736444827832 (diff)
Reopen the systrace file in the process that will actually attach to the
target process(es), so that systrace files can be made unsharable. ok djm@
Diffstat (limited to 'bin')
-rw-r--r--bin/systrace/intercept.c18
-rw-r--r--bin/systrace/intercept.h4
-rw-r--r--bin/systrace/systrace.c6
3 files changed, 18 insertions, 10 deletions
diff --git a/bin/systrace/intercept.c b/bin/systrace/intercept.c
index 0c0ffe310ed..3dfb223b716 100644
--- a/bin/systrace/intercept.c
+++ b/bin/systrace/intercept.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.c,v 1.58 2011/10/18 20:01:28 matthew Exp $ */
+/* $OpenBSD: intercept.c,v 1.59 2012/08/23 00:08:36 guenther Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -266,7 +266,7 @@ intercept_setpid(struct intercept_pid *icpid, uid_t uid, gid_t gid)
}
pid_t
-intercept_run(int bg, int fd, uid_t uid, gid_t gid,
+intercept_run(int bg, int *fdp, uid_t uid, gid_t gid,
char *path, char *const argv[])
{
struct intercept_pid *icpid;
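Review bot: The second parameter of `intercept_run` is now an in/out pointer, but no comment at the definition (or at the prototype in intercept.h) says so. A short comment above the function would help, for example `/* In background mode *fdp is closed before fork() and replaced with a descriptor reopened in the monitoring child; callers must not keep copies of the old value. */`. Without it, a caller that cached the descriptor before the call has no way to know its copy may be dead or, after descriptor reuse, may refer to a different file. The function body continues outside this hunk.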
@@ -285,6 +285,13 @@ intercept_run(int bg, int fd, uid_t uid, gid_t gid,
if (ohandler == SIG_ERR)
err(1, "signal");
+ /*
+ * If systrace process will be the child then we must reopen
+ * the fd in the child after the fork
+ */
+ if (bg)
+ close(*fdp);
+
pid = getpid();
cpid = fork();
if (cpid == -1)
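Review bot: In the foreground case (`bg == 0`) no visible line closes the descriptor in the forked child any more. This hunk closes `*fdp` only under `if (bg)`, and the next hunk (`@@ -295,9 +302,6`) removes the `close(fd)` that used to run in the process about to start the target. Unless the descriptor is opened close-on-exec (not visible on this page), the traced program would inherit the handle that controls its own tracing; keeping `if (!bg) close(*fdp);` in that branch would preserve the old guarantee. Setting `*fdp = -1;` after the early close would also avoid leaving a stale descriptor number in the caller's variable if `fork()` fails. The function starts and ends outside this hunk.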
@@ -295,9 +302,6 @@ intercept_run(int bg, int fd, uid_t uid, gid_t gid,
* the parent, or vice versa.
*/
if ((!bg && cpid == 0) || (bg && cpid != 0)) {
- /* Needs to be closed */
- close(fd);
-
if (bg) {
/* Wait for child to "detach" */
cpid = wait(&status);
@@ -366,6 +370,10 @@ intercept_run(int bg, int fd, uid_t uid, gid_t gid,
kill(pid, SIGKILL);
err(1, "daemon");
}
+ if ((*fdp = intercept_open()) == -1) {
+ kill(pid, SIGKILL);
+ err(1, "intercept_open");
+ }
}
return (pid);
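Review bot: `kill(pid, SIGKILL)` runs between the failing `intercept_open()` and `err()`, so the errno that `err(1, "intercept_open")` reports may be whatever `kill()` left behind rather than the reason the reopen failed. Saving it first keeps the diagnostic accurate: `int serrno = errno;` before the kill and `errno = serrno;` just before `err(...)`. The `daemon` context lines above follow the same pattern and would benefit from the same change. Killing the target when the monitor cannot reattach is the right fail-closed behaviour and should stay. The enclosing block opens outside this hunk.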
diff --git a/bin/systrace/intercept.h b/bin/systrace/intercept.h
index 9a2f23b50ed..9ae38689f65 100644
--- a/bin/systrace/intercept.h
+++ b/bin/systrace/intercept.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: intercept.h,v 1.25 2011/09/18 23:24:14 matthew Exp $ */
+/* $OpenBSD: intercept.h,v 1.26 2012/08/23 00:08:36 guenther Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -143,7 +143,7 @@ struct intercept_replace {
TAILQ_HEAD(intercept_tlq, intercept_translate);
int intercept_init(void);
-pid_t intercept_run(int, int, uid_t, gid_t, char *, char * const *);
+pid_t intercept_run(int, int *, uid_t, gid_t, char *, char * const *);
int intercept_open(void);
int intercept_attach(int, pid_t);
int intercept_attachpid(int, pid_t, char *);
diff --git a/bin/systrace/systrace.c b/bin/systrace/systrace.c
index 0c998e125ee..2395e04b07a 100644
--- a/bin/systrace/systrace.c
+++ b/bin/systrace/systrace.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: systrace.c,v 1.56 2007/11/26 09:28:33 martynas Exp $ */
+/* $OpenBSD: systrace.c,v 1.57 2012/08/23 00:08:36 guenther Exp $ */
/*
* Copyright 2002 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@@ -762,10 +762,10 @@ main(int argc, char **argv)
args[i] = NULL;
if (setcredentials)
- trpid = intercept_run(background, trfd,
+ trpid = intercept_run(background, &trfd,
cr_uid, cr_gid, args[0], args);
else
- trpid = intercept_run(background, trfd, 0, 0,
+ trpid = intercept_run(background, &trfd, 0, 0,
args[0], args);
if (trpid == -1)
err(1, "fork");