mirrors/systemd
0
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-23 18:23:32 +08:00
Code Issues Packages Projects Releases Wiki Activity

execute: chown() the tty when running owning them

Browse Source
This commit is contained in:
Lennart Poettering 2010-04-13 18:50:43 +02:00
parent 90a13a44cb
commit 02a51abad1
1 changed files with 35 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
execute.c
View File

@ -44,6 +44,9 @@
#include "securebits.h"
#include "cgroup.h"
/* This assumes there is a 'tty' group */
#define TTY_MODE 0620
static int shift_fds(int fds[], unsigned n_fds) {
int start, restart_from;
@ -290,6 +293,7 @@ static int setup_output(const ExecContext *context, const char *ident) {
static int setup_error(const ExecContext *context, const char *ident) {
assert(context);
assert(ident);
/* This expects the input and output are already set up */
@ -326,6 +330,26 @@ static int setup_error(const ExecContext *context, const char *ident) {
}
}
static int chown_terminal(int fd, uid_t uid) {
struct stat st;
assert(fd >= 0);
assert(uid >= 0);
/* This might fail. What matters are the results. */
fchown(fd, uid, -1);
fchmod(fd, TTY_MODE);
if (fstat(fd, &st) < 0)
return -errno;
if (st.st_uid != uid ||
st.st_mode != TTY_MODE)
return -EPERM;
return 0;
}
static int setup_confirm_stdio(const ExecContext *context,
int *_saved_stdin,
int *_saved_stdout) {
@ -354,6 +378,11 @@ static int setup_confirm_stdio(const ExecContext *context,
goto fail;
}
if (chown_terminal(fd, getuid()) < 0) {
r = EXIT_STDIN;
goto fail;
}
if (dup2(fd, STDIN_FILENO) < 0) {
r = EXIT_STDIN;
goto fail;
@ -814,6 +843,12 @@ int exec_spawn(ExecCommand *command,
goto fail;
}
if (is_terminal_input(context->std_input))
if (chown_terminal(STDIN_FILENO, uid) < 0) {
r = EXIT_STDIN;
goto fail;
}
if (apply_chroot) {
if (context->root_directory)
if (chroot(context->root_directory) < 0) {