picnoir/glibc
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

hurd: Fix auth port leak

Browse source 
If access() was used before exec, _hurd_id.rid_auth would cache an
"effective" auth port.  We do not want this to leak into the executed
program.
This commit is contained in:
Samuel Thibault 2022-01-02 04:08:11 +01:00
parent 8df0def7a4
commit 0e298448aa
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
hurd/hurdexec.c
View file

@ -229,6 +229,14 @@ retry:
reflects that our whole ID set differs from what we've set it to. */
__mutex_lock (&_hurd_id.lock);
err = _hurd_check_ids ();
/* Avoid leaking the rid_auth port reference to the new progam */
if (_hurd_id.rid_auth != MACH_PORT_NULL)
{
__mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
_hurd_id.rid_auth = MACH_PORT_NULL;
}
if (err == 0 && ((_hurd_id.aux.nuids >= 2 && _hurd_id.gen.nuids >= 1
&& _hurd_id.aux.uids[1] != _hurd_id.gen.uids[0])
|| (_hurd_id.aux.ngids >= 2 && _hurd_id.gen.ngids >= 1
@ -244,11 +252,6 @@ retry:
_hurd_id.aux.uids[1] = _hurd_id.gen.uids[0];
_hurd_id.aux.gids[1] = _hurd_id.gen.gids[0];
_hurd_id.valid = 0;
if (_hurd_id.rid_auth != MACH_PORT_NULL)
{
__mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
_hurd_id.rid_auth = MACH_PORT_NULL;
}
err = __auth_makeauth (ports[INIT_PORT_AUTH],
NULL, MACH_MSG_TYPE_COPY_SEND, 0,