/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.c

  • Committer: Teddy Hogeborn
  • Date: 2019-08-03 12:27:14 UTC
  • mto: This revision was merged to the branch mainline in revision 386.
  • Revision ID: teddy@recompile.se-20190803122714-efudxsyomr1k0zbt
dracut-module/password-agent.c: Use O_NOCTTY

Whenever a file is opened using open(), use the O_NOCTTY flag, just to
be safe.

* dracut-module/password-agent.c (test_start_mandos_client_execv): Use
  O_NOCTTY.
  (test_wait_for_mandos_client_exit_failure): - '' -
  (test_wait_for_mandos_client_exit_killed): - '' -
  (test_read_mandos_client_output_readerror): - '' -
  (test_read_inotify_event_readerror): - '' -
  (test_connect_question_socket_bad_epoll): - '' -
  (test_send_password_to_socket_bad_epoll): - '' -
  (assert_add_existing_questions_to_devnull): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
83
83
#include <sys/mman.h>           /* munlock(), mlock() */
84
84
#include <fcntl.h>              /* O_CLOEXEC, O_NONBLOCK, fcntl(),
85
85
                                   F_GETFD, F_GETFL, FD_CLOEXEC,
86
 
                                   open(), O_WRONLY, O_RDONLY */
 
86
                                   open(), O_WRONLY, O_NOCTTY,
 
87
                                   O_RDONLY */
87
88
#include <sys/wait.h>           /* waitpid(), WNOHANG, WIFEXITED(),
88
89
                                   WEXITSTATUS() */
89
90
#include <limits.h>             /* PIPE_BUF, NAME_MAX, INT_MAX */
2224
2225
 
2225
2226
  {
2226
2227
    __attribute__((cleanup(cleanup_close)))
2227
 
      const int devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
2228
      const int devnull_fd = open("/dev/null",
 
2229
                                  O_WRONLY | O_CLOEXEC | O_NOCTTY);
2228
2230
    g_assert_cmpint(devnull_fd, >=, 0);
2229
2231
    __attribute__((cleanup(cleanup_close)))
2230
2232
      const int real_stderr_fd = dup(STDERR_FILENO);
2254
2256
    {
2255
2257
      __attribute__((cleanup(cleanup_close)))
2256
2258
        const int devnull_fd = open("/dev/null",
2257
 
                                    O_WRONLY | O_CLOEXEC);
 
2259
                                    O_WRONLY | O_CLOEXEC | O_NOCTTY);
2258
2260
      g_assert_cmpint(devnull_fd, >=, 0);
2259
2261
      __attribute__((cleanup(cleanup_close)))
2260
2262
        const int real_stderr_fd = dup(STDERR_FILENO);
2905
2907
 
2906
2908
  __attribute__((cleanup(cleanup_close)))
2907
2909
    const int devnull_fd = open("/dev/null",
2908
 
                                O_WRONLY | O_CLOEXEC);
 
2910
                                O_WRONLY | O_CLOEXEC | O_NOCTTY);
2909
2911
  g_assert_cmpint(devnull_fd, >=, 0);
2910
2912
  __attribute__((cleanup(cleanup_close)))
2911
2913
    const int real_stderr_fd = dup(STDERR_FILENO);
2976
2978
 
2977
2979
  __attribute__((cleanup(cleanup_close)))
2978
2980
    const int devnull_fd = open("/dev/null",
2979
 
                                O_WRONLY | O_CLOEXEC);
 
2981
                                O_WRONLY | O_CLOEXEC, O_NOCTTY);
2980
2982
  g_assert_cmpint(devnull_fd, >=, 0);
2981
2983
  __attribute__((cleanup(cleanup_close)))
2982
2984
    const int real_stderr_fd = dup(STDERR_FILENO);
3020
3022
    buffer password = {};
3021
3023
 
3022
3024
  /* Reading /proc/self/mem from offset 0 will always give EIO */
3023
 
  const int fd = open("/proc/self/mem", O_RDONLY | O_CLOEXEC);
 
3025
  const int fd = open("/proc/self/mem",
 
3026
                      O_RDONLY | O_CLOEXEC | O_NOCTTY);
3024
3027
 
3025
3028
  bool password_is_read = false;
3026
3029
  bool quit_now = false;
3934
3937
  const mono_microsecs current_time = 0;
3935
3938
 
3936
3939
  /* Reading /proc/self/mem from offset 0 will always result in EIO */
3937
 
  const int fd = open("/proc/self/mem", O_RDONLY | O_CLOEXEC);
 
3940
  const int fd = open("/proc/self/mem",
 
3941
                      O_RDONLY | O_CLOEXEC | O_NOCTTY);
3938
3942
 
3939
3943
  bool quit_now = false;
3940
3944
  __attribute__((cleanup(cleanup_queue)))
5625
5629
                                            __attribute__((unused))
5626
5630
                                            gconstpointer user_data){
5627
5631
  __attribute__((cleanup(cleanup_close)))
5628
 
    const int epoll_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
5632
    const int epoll_fd = open("/dev/null",
 
5633
                              O_WRONLY | O_CLOEXEC | O_NOCTTY);
5629
5634
  __attribute__((cleanup(cleanup_string)))
5630
5635
    char *const question_filename = strdup("/nonexistent/question");
5631
5636
  g_assert_nonnull(question_filename);
6035
6040
                                            __attribute__((unused))
6036
6041
                                            gconstpointer user_data){
6037
6042
  __attribute__((cleanup(cleanup_close)))
6038
 
    const int epoll_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
6043
    const int epoll_fd = open("/dev/null",
 
6044
                              O_WRONLY | O_CLOEXEC | O_NOCTTY);
6039
6045
  __attribute__((cleanup(cleanup_string)))
6040
6046
    char *const question_filename = strdup("/nonexistent/question");
6041
6047
  g_assert_nonnull(question_filename);
6304
6310
                                              const char *const
6305
6311
                                              dirname){
6306
6312
  __attribute__((cleanup(cleanup_close)))
6307
 
    const int devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
6313
    const int devnull_fd = open("/dev/null",
 
6314
                                O_WRONLY | O_CLOEXEC | O_NOCTTY);
6308
6315
  g_assert_cmpint(devnull_fd, >=, 0);
6309
6316
  __attribute__((cleanup(cleanup_close)))
6310
6317
    const int real_stderr_fd = dup(STDERR_FILENO);