author | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-04-02 14:37:43 +0000 |
---|---|---|
committer | Kenneth R Westerback <krw@cvs.openbsd.org> | 2016-04-02 14:37:43 +0000 |
commit | 0b87d85abbce175e36d5967d4f9265f9c1490f69 (patch) | |
tree | 78a26ada07461d5c0d8f79a945e97c01b3d45ee2 /usr.bin/skeyaudit | |
parent | e8c3a9bb9311c0efecbba67271f359018b5fc841 (diff) |
Another use for fcntl() and thus of the superfluous 3rd parameter
is when sanitising standard fd's before calling daemon().
Use a tweaked version of the ssh(1) function in all three places
found using fcntl() this way.
ok jca@ beck@
Diffstat (limited to 'usr.bin/skeyaudit')
-rw-r--r-- | usr.bin/skeyaudit/skeyaudit.c | 40 |
1 files changed, 30 insertions, 10 deletions
diff --git a/usr.bin/skeyaudit/skeyaudit.c b/usr.bin/skeyaudit/skeyaudit.c
index 335382d8292..c42591c34f0 100644
--- a/usr.bin/skeyaudit/skeyaudit.c
+++ b/usr.bin/skeyaudit/skeyaudit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skeyaudit.c,v 1.26 2015/11/01 14:02:37 tim Exp $ */
+/* $OpenBSD: skeyaudit.c,v 1.27 2016/04/02 14:37:42 krw Exp $ */
 /*
 * Copyright (c) 1997, 2000, 2003 Todd C. Miller <Todd.Miller@courtesan.com>
@@ -36,9 +36,33 @@
 #include <skey.h>
 void notify(struct passwd *, int, int);
+void sanitise_stdfd(void);
 FILE *runsendmail(struct passwd *, int *);
 __dead void usage(void);
+void
+sanitise_stdfd(void)
+{
+ int nullfd, dupfd;
+
+ if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ fprintf(stderr, "Couldn't open /dev/null: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+ while (++dupfd <= STDERR_FILENO) {
+ /* Only populate closed fds. */
+ if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
+ if (dup2(nullfd, dupfd) == -1) {
+ fprintf(stderr, "dup2: %s\n", strerror(errno));
+ exit(1);
+ }
+ }
+ }
+ if (nullfd > STDERR_FILENO)
+ close(nullfd);
+}
+
 int
 main(int argc, char **argv)
 {
@@ -80,19 +104,15 @@ main(int argc, char **argv)
 err(1, "pledge");
 }
+ /* If we are in interactive mode, STDOUT_FILENO *must* be open. */
+ if (iflag && fcntl(STDOUT_FILENO, F_GETFL) == -1 && errno == EBADF)
+ exit(1);
+
 /*
 * Make sure STDIN_FILENO, STDOUT_FILENO, and STDERR_FILENO are open.
 * If not, open /dev/null in their place or bail.
- * If we are in interactive mode, STDOUT_FILENO *must* be open.
 */
- for (ch = STDIN_FILENO; ch <= STDERR_FILENO; ch++) {
- if (fcntl(ch, F_GETFL, 0) == -1 && errno == EBADF) {
- if (ch == STDOUT_FILENO && iflag)
- exit(1); /* need stdout for -i */
- if (open(_PATH_DEVNULL, O_RDWR, 0644) == -1)
- exit(1); /* just bail */
- }
- }
+ sanitise_stdfd();
 if (argc - optind > 0)
 usage(); |
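Review bot: sanitise_stdfd() carries no comment for the invariant its loop relies on: `while (++dupfd <= STDERR_FILENO)` starts one past nullfd, which is only correct because open() returns the lowest unused descriptor, so every fd below nullfd is already known to be open. I would add above the function `/* Point any closed fd 0-2 at /dev/null so later opens cannot land on a standard descriptor. */` and, at the loop, `/* open() gave us the lowest free fd; only fds above it can still be closed. */`. It is also worth a line noting that both failure paths report through stderr, which may itself still be closed at that point, so the exit status is the only dependable signal.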
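Review bot: The call to sanitise_stdfd() stays where the old loop was, after pledge() and (judging by the `optind` use right below) after option parsing, so any descriptor opened earlier in main() could still be handed fd 0, 1 or 2 and later receive diagnostic output. The start of main() is outside this hunk, so I cannot tell whether anything earlier opens a descriptor; if it does, or might in future, the sanitising belongs at the very top. Because the -i check needs stdout's state from before it is repaired, that would mean recording it first, e.g. `int stdout_closed = fcntl(STDOUT_FILENO, F_GETFL) == -1 && errno == EBADF;` followed by `sanitise_stdfd();` as the first statements, and `if (iflag && stdout_closed) exit(1);` once options are parsed.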