Close all unwanted open file descriptors before executing commands and mail.
There might be file descriptors open by things like pam_systemd that we do not want to keep open for the child process. Original idea by: Jakub Jelen <jjelen@redhat.com> Upstream commit: b2c8cbcef8c97b5a175d6e71995249b288707b0f
parent
33d5961320
commit
baf9308b21
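--- a/cronie-1.4.11-kill_fd.patch
+++ b/cronie-1.4.11-kill_fd.patch
@@ -0,0 +1,39 @@
+diff -up cronie-1.4.11/src/do_command.c.pff cronie-1.4.11/src/do_command.c
+--- cronie-1.4.11/src/do_command.c.pff 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/src/do_command.c 2014-04-30 14:42:32.761953732 +0200
+@@ -238,6 +238,12 @@ static int child_process(entry * e, char
+*/
+{
+char *shell = env_get("SHELL", jobenv);
++ int fd, fdmax = getdtablesize();
++
++ /* close all unwanted open file descriptors */
++ for(fd = STDERR + 1; fd < fdmax; fd++) {
++ close(fd);
++ }
+
+#if DEBUGGING
+if (DebugFlags & DTEST) {
+diff -up cronie-1.4.11/src/popen.c.pff cronie-1.4.11/src/popen.c
+--- cronie-1.4.11/src/popen.c.pff 2013-07-18 14:27:08.000000000 +0200
++++ cronie-1.4.11/src/popen.c 2014-04-30 14:43:42.177095194 +0200
+@@ -69,6 +69,7 @@ FILE *cron_popen(char *program, const ch
+ssize_t out;
+char buf[PIPE_BUF];
+struct sigaction sa;
++ int fd;
+
+#ifdef __GNUC__
+(void) &iop; /* Avoid fork clobbering */
+@@ -121,6 +122,11 @@ FILE *cron_popen(char *program, const ch
+sa.sa_handler = SIG_DFL;
+sigaction(SIGPIPE, &sa, NULL);
+
++ /* close all unwanted open file descriptors */
++ for (fd = STDERR + 1; fd < fds; fd++) {
++ close(fd);
++ }
++
+if (cron_change_user_permanently(pw, pw->pw_dir) != 0)
+_exit(2);
+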
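Review bot: Both close loops stop at the descriptor-table size (`fdmax = getdtablesize()` in child_process, `fds` in cron_popen), which on Linux follows the current soft RLIMIT_NOFILE rather than the descriptors actually open, so a descriptor opened before the limit was lowered would survive into the job, and a very large limit costs one close() call per slot for every job. Since the aim is to keep descriptors opened in the privileged parent (the description names pam_systemd) out of the user's command, consider `closefrom(STDERR + 1);` on platforms that provide it, with the loop kept as the fallback, or at least state the bound in the comment: `/* close every inherited fd above stderr, up to the soft RLIMIT_NOFILE, before exec */`. `fds` is not declared in either popen.c hunk; presumably it is the table size cron_popen already holds, so confirm it is set before the fork on this path. Both enclosing functions start and end outside the hunks shown.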
@ -6,9 +6,10 @@
|
||||
Summary: Cron daemon for executing programs at set times
|
||||
Name: cronie
|
||||
Version: 1.4.11
|
||||
Release: 5%{?dist}
|
||||
Release: 6%{?dist}
|
||||
Patch0: correct-env.patch
|
||||
Patch1: unitfile-killprocess.patch
|
||||
Patch2: cronie-1.4.11-kill_fd.patch
|
||||
License: MIT and BSD and ISC and GPLv2+
|
||||
Group: System Environment/Base
|
||||
URL: https://fedorahosted.org/cronie
|
||||
@ -79,6 +80,7 @@ extra features.
|
||||
%setup -q
|
||||
%patch0 -p1 -b .jobenv
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
%configure \
|
||||
@ -203,6 +205,9 @@ exit 0
|
||||
%attr(0644,root,root) %{_sysconfdir}/cron.d/dailyjobs
|
||||
|
||||
%changelog
|
||||
* Wed Apr 30 2014 Marcela Mašláňová <mmaslano@redhat.com> - 1.4.11-6
|
||||
- unwanted fd could make trouble to SElinux 1075106
|
||||
|
||||
* Thu Jan 16 2014 Ville Skyttä <ville.skytta@iki.fi> - 1.4.11-5
|
||||
- Drop INSTALL from docs, fix rpmlint tabs vs spaces warning.
|
||||
|
||||
|