authorDamien Miller <djm@cvs.openbsd.org>2005-09-13 23:40:08 +0000
committerDamien Miller <djm@cvs.openbsd.org>2005-09-13 23:40:08 +0000
commitf7ed8afaa32cf14a3921e1a6629a45030d317578 (patch)
treeaff976549515501dd8aecdd5af5558144fc815d4 /usr.bin/ssh
parent1c0cfe866c6d27bcf2266c00206273572ea38d15 (diff)
ensure that stdio fds are attached; ok deraadt@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/misc.c22
-rw-r--r--usr.bin/ssh/misc.h3
-rw-r--r--usr.bin/ssh/scp.c5
-rw-r--r--usr.bin/ssh/sftp-server.c6
-rw-r--r--usr.bin/ssh/sftp.c5
-rw-r--r--usr.bin/ssh/ssh-add.c5
-rw-r--r--usr.bin/ssh/ssh-agent.c5
-rw-r--r--usr.bin/ssh/ssh-keygen.c5
-rw-r--r--usr.bin/ssh/ssh-keyscan.c5
-rw-r--r--usr.bin/ssh/ssh-keysign.c9
-rw-r--r--usr.bin/ssh/ssh.c5
-rw-r--r--usr.bin/ssh/sshd.c5
12 files changed, 68 insertions, 12 deletions
diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c
index 6450198a0c3..b5721a0c4f8 100644
--- a/usr.bin/ssh/misc.c
+++ b/usr.bin/ssh/misc.c
@@ -24,7 +24,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: misc.c,v 1.34 2005/07/08 09:26:18 dtucker Exp $");
+RCSID("$OpenBSD: misc.c,v 1.35 2005/09/13 23:40:07 djm Exp $");
#include "misc.h"
#include "log.h"
@@ -501,6 +501,26 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz,
return -1;
}
+void
+sanitise_stdfd(void)
+{
+ int nullfd;
+
+ if ((nullfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
+ fprintf(stderr, "Couldn't open /dev/null: %s", strerror(errno));
+ exit(1);
+ }
+ while (nullfd < 2) {
+ if (dup2(nullfd, nullfd + 1) == -1) {
+ fprintf(stderr, "dup2: %s", strerror(errno));
+ exit(1);
+ }
+ nullfd++;
+ }
+ if (nullfd > 2)
+ close(nullfd);
+}
+
char *
tohex(const u_char *d, u_int l)
{
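Review bot: In sanitise_stdfd() the `while (nullfd < 2)` loop calls `dup2(nullfd, nullfd + 1)` without checking whether the higher descriptor is already open, so when only fd 0 was closed at startup open() returns 0 and the loop then replaces a working stdout and stderr with /dev/null. That does not match the call-site comment added in scp.c, sftp-server.c, sftp.c, ssh-add.c, ssh-agent.c, ssh-keygen.c, ssh-keyscan.c, ssh.c and sshd.c ("open or directed to /dev/null"), and it silently discards later diagnostics. Probing each descriptor with `fcntl(fd, F_GETFL)` and duplicating only on EBADF leaves attached descriptors intact while still ensuring that no later open() or socket() can land on 0-2. Both fprintf() messages also lack a trailing newline.

```c
void
sanitise_stdfd(void)
{
	int nullfd, dupfd;

	if ((nullfd = dupfd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
		fprintf(stderr, "Couldn't open /dev/null: %s\n",
		    strerror(errno));
		exit(1);
	}
	while (++dupfd <= 2) {
		/* Only populate descriptors that are actually closed. */
		if (fcntl(dupfd, F_GETFL) == -1 && errno == EBADF) {
			if (dup2(nullfd, dupfd) == -1) {
				fprintf(stderr, "dup2: %s\n", strerror(errno));
				exit(1);
			}
		}
	}
	/* … unchanged: close nullfd when it is above 2 … */
}
```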
diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h
index 2d630feb5f8..51541336cf3 100644
--- a/usr.bin/ssh/misc.h
+++ b/usr.bin/ssh/misc.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.h,v 1.25 2005/07/14 04:00:43 dtucker Exp $ */
+/* $OpenBSD: misc.h,v 1.26 2005/09/13 23:40:07 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -27,6 +27,7 @@ long convtime(const char *);
char *tilde_expand_filename(const char *, uid_t);
char *percent_expand(const char *, ...) __attribute__((__sentinel__));
char *tohex(const u_char *, u_int);
+void sanitise_stdfd(void);
struct passwd *pwcopy(struct passwd *);
diff --git a/usr.bin/ssh/scp.c b/usr.bin/ssh/scp.c
index d02e69022a4..9a6c5288399 100644
--- a/usr.bin/ssh/scp.c
+++ b/usr.bin/ssh/scp.c
@@ -71,7 +71,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: scp.c,v 1.125 2005/07/27 10:39:03 dtucker Exp $");
+RCSID("$OpenBSD: scp.c,v 1.126 2005/09/13 23:40:07 djm Exp $");
#include "xmalloc.h"
#include "atomicio.h"
@@ -222,6 +222,9 @@ main(int argc, char **argv)
extern char *optarg;
extern int optind;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
addargs(&args, "-x");
diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
index 45a19f8fe77..8e78377f0b4 100644
--- a/usr.bin/ssh/sftp-server.c
+++ b/usr.bin/ssh/sftp-server.c
@@ -14,13 +14,14 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "includes.h"
-RCSID("$OpenBSD: sftp-server.c,v 1.48 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: sftp-server.c,v 1.49 2005/09/13 23:40:07 djm Exp $");
#include "buffer.h"
#include "bufaux.h"
#include "getput.h"
#include "log.h"
#include "xmalloc.h"
+#include "misc.h"
#include "sftp.h"
#include "sftp-common.h"
@@ -1016,6 +1017,9 @@ main(int ac, char **av)
int in, out, max;
ssize_t len, olen, set_size;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* XXX should use getopt */
handle_init();
diff --git a/usr.bin/ssh/sftp.c b/usr.bin/ssh/sftp.c
index d0070a1d1af..f7c044b01be 100644
--- a/usr.bin/ssh/sftp.c
+++ b/usr.bin/ssh/sftp.c
@@ -16,7 +16,7 @@
#include "includes.h"
-RCSID("$OpenBSD: sftp.c,v 1.66 2005/08/08 13:22:48 jaredy Exp $");
+RCSID("$OpenBSD: sftp.c,v 1.67 2005/09/13 23:40:07 djm Exp $");
#include <glob.h>
#include <histedit.h>
@@ -1428,6 +1428,9 @@ main(int argc, char **argv)
extern int optind;
extern char *optarg;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
args.list = NULL;
addargs(&args, "ssh"); /* overwritten with ssh_program */
addargs(&args, "-oForwardX11 no");
diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c
index 0347b3a94bd..a836e32dfa5 100644
--- a/usr.bin/ssh/ssh-add.c
+++ b/usr.bin/ssh/ssh-add.c
@@ -35,7 +35,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-add.c,v 1.72 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-add.c,v 1.73 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
@@ -312,6 +312,9 @@ main(int argc, char **argv)
char *sc_reader_id = NULL;
int i, ch, deleting = 0, ret = 0;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
SSLeay_add_all_algorithms();
/* At first, get a connection to the authentication agent. */
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 63b59a55d7b..912f3996bd9 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -35,7 +35,7 @@
#include "includes.h"
#include <sys/queue.h>
-RCSID("$OpenBSD: ssh-agent.c,v 1.122 2004/10/29 22:53:56 djm Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.123 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@@ -1001,6 +1001,9 @@ main(int ac, char **av)
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* drop */
setegid(getgid());
setgid(getgid());
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index 07198ed2ec6..042f0983efd 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -12,7 +12,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keygen.c,v 1.128 2005/07/17 07:17:55 djm Exp $");
+RCSID("$OpenBSD: ssh-keygen.c,v 1.129 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -1018,6 +1018,9 @@ main(int ac, char **av)
extern int optind;
extern char *optarg;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
SSLeay_add_all_algorithms();
log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
diff --git a/usr.bin/ssh/ssh-keyscan.c b/usr.bin/ssh/ssh-keyscan.c
index 5e2377c0a69..634184723e2 100644
--- a/usr.bin/ssh/ssh-keyscan.c
+++ b/usr.bin/ssh/ssh-keyscan.c
@@ -7,7 +7,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keyscan.c,v 1.55 2005/06/17 02:44:33 djm Exp $");
+RCSID("$OpenBSD: ssh-keyscan.c,v 1.56 2005/09/13 23:40:07 djm Exp $");
#include <sys/queue.h>
#include <errno.h>
@@ -700,6 +700,9 @@ main(int argc, char **argv)
TAILQ_INIT(&tq);
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
if (argc <= 1)
usage();
diff --git a/usr.bin/ssh/ssh-keysign.c b/usr.bin/ssh/ssh-keysign.c
index e3e4c33ada7..d26ec1e4fb6 100644
--- a/usr.bin/ssh/ssh-keysign.c
+++ b/usr.bin/ssh/ssh-keysign.c
@@ -22,7 +22,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh-keysign.c,v 1.18 2004/08/23 14:29:23 dtucker Exp $");
+RCSID("$OpenBSD: ssh-keysign.c,v 1.19 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/rand.h>
@@ -146,6 +146,13 @@ main(int argc, char **argv)
u_int slen, dlen;
u_int32_t rnd[256];
+ /* Ensure that stdin and stdout are connected */
+ if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
+ exit(1);
+ /* Leave /dev/null fd iff it is attached to stderr */
+ if (fd > 2)
+ close(fd);
+
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
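Review bot: The `< 2` test in the added block also catches open() returning -1, and the process then exits with status 1 and no diagnostic; the comment above it mentions only stdin and stdout. A comment such as `/* fd < 2: open() failed (-1) or stdin/stdout was closed; refuse to run */` would make that explicit. It would also help to say why this program bails out instead of calling sanitise_stdfd() as the other mains do; presumably it is because the host key files opened on the following lines must never be assigned descriptors 0-2, but that is not stated. `fd` is declared outside the hunk and main() continues past it.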
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 328bfda3eac..6e160bfda25 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.249 2005/07/30 01:26:16 djm Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.250 2005/09/13 23:40:07 djm Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -188,6 +188,9 @@ main(int ac, char **av)
struct servent *sp;
Forward fwd;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/*
* Save the original real uid. It will be needed later (uid-swapping
* may clobber the real uid).
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index e0753035bc2..0d790609ce6 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.313 2005/09/13 23:40:07 djm Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -886,6 +886,9 @@ main(int ac, char **av)
saved_argv = av;
rexec_argc = ac;
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* Initialize configuration options to their default values. */
initialize_server_options(&options);