Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/netbsd-1-6]: src/lib/libkvm Pull up revision 1.65.4.2 from netbsd-1-5 br...
details: https://anonhg.NetBSD.org/src/rev/0739746452cf
branches: netbsd-1-6
changeset: 530295:0739746452cf
user: grant <grant%NetBSD.org@localhost>
date: Mon Jun 16 13:41:19 2003 +0000
description:
Pull up revision 1.65.4.2 from netbsd-1-5 branch (requested by david in
ticket #1255):
Set the close-on-exec bit on all file descriptors we open. Inspired by
a FreeBSD security advisory.
diffstat:
lib/libkvm/kvm.c | 47 +++++++++++++++++++++++++++++++++++++++--------
1 files changed, 39 insertions(+), 8 deletions(-)
diffs (125 lines):
diff -r a0c0e4a4c4ab -r 0739746452cf lib/libkvm/kvm.c
--- a/lib/libkvm/kvm.c Mon Jun 16 13:38:11 2003 +0000
+++ b/lib/libkvm/kvm.c Mon Jun 16 13:41:19 2003 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: kvm.c,v 1.70 2001/09/18 18:15:49 wiz Exp $ */
+/* $NetBSD: kvm.c,v 1.70.4.1 2003/06/16 13:41:19 grant Exp $ */
/*-
* Copyright (c) 1989, 1992, 1993
@@ -42,7 +42,7 @@
#if 0
static char sccsid[] = "@(#)kvm.c 8.2 (Berkeley) 2/13/94";
#else
-__RCSID("$NetBSD: kvm.c,v 1.70 2001/09/18 18:15:49 wiz Exp $");
+__RCSID("$NetBSD: kvm.c,v 1.70.4.1 2003/06/16 13:41:19 grant Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
@@ -78,6 +78,7 @@
static kvm_t *_kvm_open __P((kvm_t *, const char *, const char *,
const char *, int, char *));
static int clear_gap __P((kvm_t *, FILE *, int));
+static int open_cloexec __P((const char *, int, int));
static off_t Lseek __P((kvm_t *, int, off_t, int));
static ssize_t Pread __P((kvm_t *, int, void *, size_t, off_t));
@@ -174,6 +175,29 @@
}
/*
+ * Open a file setting the close on exec bit.
+ */
+static int
+open_cloexec(fname, flags, mode)
+ const char *fname;
+ int flags, mode;
+{
+ int fd;
+
+ if ((fd = open(fname, flags, mode)) == -1)
+ return fd;
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
+ goto error;
+
+ return fd;
+error:
+ flags = errno;
+ (void)close(fd);
+ errno = flags;
+ return -1;
+}
+
+/*
* Wrapper around the lseek(2) system call; calls _kvm_syserr() for us
* in the event of emergency.
*/
@@ -280,7 +304,7 @@
if (sf == 0)
sf = _PATH_DRUM;
- if ((kd->pmfd = open(mf, flag, 0)) < 0) {
+ if ((kd->pmfd = open_cloexec(mf, flag, 0)) < 0) {
_kvm_syserr(kd, kd->program, "%s", mf);
goto failed;
}
@@ -300,12 +324,12 @@
"%s: not physical memory device", mf);
goto failed;
}
- if ((kd->vmfd = open(_PATH_KMEM, flag)) < 0) {
+ if ((kd->vmfd = open_cloexec(_PATH_KMEM, flag, 0)) < 0) {
_kvm_syserr(kd, kd->program, "%s", _PATH_KMEM);
goto failed;
}
kd->alive = KVM_ALIVE_FILES;
- if ((kd->swfd = open(sf, flag, 0)) < 0) {
+ if ((kd->swfd = open_cloexec(sf, flag, 0)) < 0) {
_kvm_syserr(kd, kd->program, "%s", sf);
goto failed;
}
@@ -317,7 +341,7 @@
* revert to slow nlist() calls.
*/
if ((ufgiven || kvm_dbopen(kd) < 0) &&
- (kd->nlfd = open(uf, O_RDONLY, 0)) < 0) {
+ (kd->nlfd = open_cloexec(uf, O_RDONLY, 0)) < 0) {
_kvm_syserr(kd, kd->program, "%s", uf);
goto failed;
}
@@ -327,7 +351,7 @@
* Initialize the virtual address translation machinery,
* but first setup the namelist fd.
*/
- if ((kd->nlfd = open(uf, O_RDONLY, 0)) < 0) {
+ if ((kd->nlfd = open_cloexec(uf, O_RDONLY, 0)) < 0) {
_kvm_syserr(kd, kd->program, "%s", uf);
goto failed;
}
@@ -726,10 +750,17 @@
struct nlist nitem;
char dbversion[_POSIX2_LINE_MAX];
char kversion[_POSIX2_LINE_MAX];
+ int fd;
kd->db = dbopen(_PATH_KVMDB, O_RDONLY, 0, DB_HASH, NULL);
if (kd->db == 0)
return (-1);
+ if ((fd = (*kd->db->fd)(kd->db)) >= 0) {
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+ (*kd->db->close)(kd->db);
+ return (-1);
+ }
+ }
/*
* read version out of database
*/
@@ -852,7 +883,7 @@
errno = 0;
val = 0;
- if (pwrite(kd->pmfd, (void *) &val, sizeof(val),
+ if (pwrite(kd->pmfd, (void *)&val, sizeof(val),
_kvm_pa2off(kd, pa)) == -1) {
_kvm_syserr(kd, 0, "cannot invalidate dump - pwrite");
return (-1);
Home |
Main Index |
Thread Index |
Old Index