[src/netbsd-1-5]: src/sys/kern Pull up revisions 1.86-1.88 (requested by chri...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/26bac3beeb80
branches:  netbsd-1-5
changeset: 493089:26bac3beeb80
user:      he <he%NetBSD.org@localhost>
date:      Fri Apr 26 17:51:19 2002 +0000

description:
Pull up revisions 1.86-1.88 (requested by christos):
  If a set{u,g}id binary is invoked with fd < 3 closed, open those
  file desciptors to /dev/null.

diffstat:

 sys/kern/kern_descrip.c |  70 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 files changed, 69 insertions(+), 1 deletions(-)

diffs (88 lines):

diff -r 0980fbbe60df -r 26bac3beeb80 sys/kern/kern_descrip.c
--- a/sys/kern/kern_descrip.c   Fri Apr 26 17:09:51 2002 +0000
+++ b/sys/kern/kern_descrip.c   Fri Apr 26 17:51:19 2002 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: kern_descrip.c,v 1.67.4.6 2002/02/09 22:56:01 he Exp $ */
+/*     $NetBSD: kern_descrip.c,v 1.67.4.7 2002/04/26 17:51:19 he Exp $ */
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1993
@@ -47,6 +47,7 @@
 #include <sys/vnode.h>
 #include <sys/proc.h>
 #include <sys/file.h>
+#include <sys/namei.h>
 #include <sys/socket.h>
 #include <sys/socketvar.h>
 #include <sys/stat.h>
@@ -1390,3 +1391,70 @@
                if (fdp->fd_ofileflags[fd] & UF_EXCLOSE)
                        (void) fdrelease(p, fd);
 }
+
+/*
+ * It is unsafe for set[ug]id processes to be started with file
+ * descriptors 0..2 closed, as these descriptors are given implicit
+ * significance in the Standard C library.  fdcheckstd() will create a
+ * descriptor referencing /dev/null for each of stdin, stdout, and
+ * stderr that is not already open.
+ */
+int
+fdcheckstd(p)
+       struct proc *p;
+{
+       struct nameidata nd;
+       struct filedesc *fdp;
+       struct file *fp;
+       struct file *devnullfp;
+       register_t retval;
+       int fd, i, error, flags = FREAD|FWRITE, devnull = -1, logged = 0;
+
+       if ((fdp = p->p_fd) == NULL)
+              return 0;
+       for (i = 0; i < 3; i++) {
+               if (fdp->fd_ofiles[i] != NULL)
+                       continue;
+               if (!logged) {
+                       log(LOG_WARNING, "set{u,g}id pid %d (%s) was invoked "
+                           "with fd 0, 1, or 2 closed\n", p->p_pid, p->p_comm);
+                       logged++;
+               }
+               if (devnull < 0) {
+                       if ((error = falloc(p, &fp, &fd)) != 0)
+                               return error;
+                       NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null",
+                           p);
+                       if ((error = vn_open(&nd, flags, 0)) != 0) {
+                               FILE_UNUSE(fp, p);
+                               ffree(fp);
+                               fdremove(p->p_fd, fd);
+                               return error;
+                       }
+                       fp->f_data = (caddr_t)nd.ni_vp;
+                       fp->f_flag = flags;
+                       fp->f_ops = &vnops;
+                       fp->f_type = DTYPE_VNODE;
+                       VOP_UNLOCK(nd.ni_vp, 0);
+                       devnull = fd;
+                       devnullfp = fp;
+                       FILE_SET_MATURE(fp);
+                       FILE_UNUSE(fp, p);
+               } else {
+restart:
+                       if ((error = fdalloc(p, 0, &fd)) != 0) {
+                               if (error == ENOSPC) {
+                                       fdexpand(p);
+                                       goto restart;
+                               }
+                               return error;
+                       }
+
+                       FILE_USE(devnullfp);
+                       /* finishdup() will unuse the descriptors for us */
+                       if ((error = finishdup(p, devnull, fd, &retval)) != 0)
+                               return error;
+               }
+       }
+       return 0;
+}