author | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-10-16 22:00:15 +0000 |
---|---|---|
committer | Alexander Bluhm <bluhm@cvs.openbsd.org> | 2016-10-16 22:00:15 +0000 |
commit | 682bdbaa44332449efd70c28f021e0a61033aa50 (patch) | |
tree | 11aca74dcc26fb26049adff1ef0c2fa9705e4ce7 /usr.sbin | |
parent | cd7c65ba07b97e78c1260eb22621dba3b7ca3ba8 (diff) |
Use closefrom(4) in privsep parent and avoid some global file
descriptor variables in syslogd(8) this way.
OK rzalamena@
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/syslogd/privsep.c | 28 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.c | 9 | ||||
-rw-r--r-- | usr.sbin/syslogd/syslogd.h | 4 |
3 files changed, 10 insertions, 31 deletions
diff --git a/usr.sbin/syslogd/privsep.c b/usr.sbin/syslogd/privsep.c
index 16a1f9ac53a..305808c3bb2 100644
--- a/usr.sbin/syslogd/privsep.c
+++ b/usr.sbin/syslogd/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.62 2016/10/06 13:03:47 bluhm Exp $ */
+/* $OpenBSD: privsep.c,v 1.63 2016/10/16 22:00:14 bluhm Exp $ */
 
 /*
 * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -139,31 +139,11 @@ priv_init(int lockfd, int nullfd, int argc, char *argv[])
 if (nullfd > 2)
 close(nullfd);
 
- /* Close descriptors that only the unpriv child needs */
- if (fd_ctlconn != -1)
- close(fd_ctlconn);
- if (fd_ctlsock != -1)
- close(fd_ctlsock);
- if (fd_klog != -1)
- close(fd_klog);
- if (fd_sendsys != -1)
- close(fd_sendsys);
- if (fd_udp != -1)
- close(fd_udp);
- if (fd_udp6 != -1)
- close(fd_udp6);
- if (fd_bind != -1)
- close(fd_bind);
- if (fd_listen != -1)
- close(fd_listen);
- if (fd_tls != -1)
- close(fd_tls);
- for (i = 0; i < nunix; i++)
- if (fd_unix[i] != -1)
- close(fd_unix[i]);
-
 if (dup3(socks[0], 3, 0) == -1)
 err(1, "dup3 priv sock failed");
+ if (closefrom(4) == -1)
+ err(1, "closefrom 4 failed");
+
 snprintf(childnum, sizeof(childnum), "%d", child_pid);
 if ((privargv = reallocarray(NULL, argc + 3, sizeof(char *))) == NULL)
 err(1, "alloc priv argv failed");
diff --git a/usr.sbin/syslogd/syslogd.c b/usr.sbin/syslogd/syslogd.c
index a1e04631571..ae5184e04cd 100644
--- a/usr.sbin/syslogd/syslogd.c
+++ b/usr.sbin/syslogd/syslogd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.c,v 1.218 2016/10/06 13:03:47 bluhm Exp $ */
+/* $OpenBSD: syslogd.c,v 1.219 2016/10/16 22:00:14 bluhm Exp $ */
 
 /*
 * Copyright (c) 1983, 1988, 1993, 1994
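Review bot: The `closefrom(4)` added to priv_init in privsep.c rests on two invariants that the new code no longer documents: the privsep socket must already sit on descriptor 3 (the `dup3` directly above), and nothing the parent still needs may live at descriptor 4 or higher. The removed comment said which descriptors were dropped and why; I would put a replacement above the call, for example `/* Only stdio and the privsep socket on fd 3 stay open in the parent */`, and note that the call must stay after the `dup3`. Whether `lockfd` or any other descriptor is still used after this point cannot be seen here, because priv_init starts and ends outside the hunk. Closing by range rather than by name is the stronger design, since a descriptor added to the child later can no longer leak into the privileged parent by omission.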
@@ -279,9 +279,8 @@ size_t ctl_reply_offset = 0; /* Number of bytes of reply written so far */
 char *linebuf;
 int linesize;
 
-int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys, fd_udp, fd_udp6,
- fd_bind, fd_listen, fd_tls, fd_unix[MAXUNIX];
-struct event *ev_ctlaccept, *ev_ctlread, *ev_ctlwrite;
+int fd_ctlconn, fd_udp, fd_udp6, fd_tls;
+struct event *ev_ctlaccept, *ev_ctlread, *ev_ctlwrite;
 
 struct peer {
 struct buffertls p_buftls;
@@ -359,6 +358,8 @@ main(int argc, char *argv[])
 char *p;
 int ch, i;
 int lockpipe[2] = { -1, -1}, pair[2], nullfd, fd;
+ int fd_ctlsock, fd_klog, fd_sendsys, fd_bind, fd_listen;
+ int fd_unix[MAXUNIX];
 
 while ((ch = getopt(argc, argv,
 "46a:C:c:dFf:hK:k:m:nP:p:S:s:T:U:uVZ")) != -1)
diff --git a/usr.sbin/syslogd/syslogd.h b/usr.sbin/syslogd/syslogd.h
index 30b6025b442..f95c66a4b7f 100644
--- a/usr.sbin/syslogd/syslogd.h
+++ b/usr.sbin/syslogd/syslogd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: syslogd.h,v 1.24 2016/10/06 13:03:47 bluhm Exp $ */
+/* $OpenBSD: syslogd.h,v 1.25 2016/10/16 22:00:14 bluhm Exp $ */
 
 /*
 * Copyright (c) 2003 Anil Madhavapeddy <anil@recoil.org>
@@ -46,8 +46,6 @@ int receive_fd(int);
 extern int nunix;
 extern char *path_unix[MAXUNIX];
 extern char *path_ctlsock;
-extern int fd_ctlsock, fd_ctlconn, fd_klog, fd_sendsys;
-extern int fd_udp, fd_udp6, fd_bind, fd_listen, fd_tls, fd_unix[MAXUNIX];
 
 #define MAXLINE 8192 /* maximum line length */
 #define ERRBUFSIZE 256 |
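Review bot: The descriptors moved into main() in syslogd.c (`fd_ctlsock`, `fd_klog`, `fd_sendsys`, `fd_bind`, `fd_listen`, `fd_unix[]`) lose the zero-initialisation they had at file scope, so a read before assignment now yields an indeterminate value rather than 0. The rest of main is outside the hunk, so I cannot confirm that each one is set on every path before it is tested, closed or passed on. If any of them is assigned only conditionally, initialise it at the declaration, e.g. `int fd_ctlsock = -1, fd_klog = -1, fd_sendsys = -1, fd_bind = -1, fd_listen = -1;`. For `fd_unix`, presumably only the first `nunix` entries are filled in, so it is worth checking that no loop reads beyond that count.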