
Viewing changes to plugins.d/mandos-client.c

  • Committer: Teddy Hogeborn
  • Date: 2021-01-31 21:40:15 UTC
  • mto: This revision was merged to the branch mainline in revision 404.
  • Revision ID: teddy@recompile.se-20210131214015-yz7ogk2mqfdfflo6
Work around Debian bug #981302

* plugin-runner.c (main): If the /dev/fd symlink is missing, create
  it.
* plugins.d/mandos-client.c (main): - '' -

Reported-By: Eero Häkkinen <+debian-bts-2021@eero.xn--hkkinen-5wa.fi>
Suggested-by: Eero Häkkinen <+debian-bts-2021@eero.xn--hkkinen-5wa.fi>
Thanks: Eero Häkkinen for bug report and analysis

9
9
 * "browse_callback", and parts of "main".
10
10
 * 
11
11
 * Everything else is
12
 
 * Copyright © 2008-2019 Teddy Hogeborn
13
 
 * Copyright © 2008-2019 Björn Påhlsson
 
12
 * Copyright © 2008-2020 Teddy Hogeborn
 
13
 * Copyright © 2008-2020 Björn Påhlsson
14
14
 * 
15
15
 * This file is part of Mandos.
16
16
 * 
80
80
#include <unistd.h>             /* close(), SEEK_SET, off_t, write(),
81
81
                                   getuid(), getgid(), seteuid(),
82
82
                                   setgid(), pause(), _exit(),
83
 
                                   unlinkat() */
 
83
                                   unlinkat(), lstat(), symlink() */
84
84
#include <arpa/inet.h>          /* inet_pton(), htons() */
85
85
#include <iso646.h>             /* not, or, and */
86
86
#include <argp.h>               /* struct argp_option, error_t, struct
396
396
        fprintf_plus(stderr,
397
397
                     "Setting system clock to key file mtime");
398
398
      }
399
 
      time_t keytime = keystat.st_mtim.tv_sec;
400
 
      if(stime(&keytime) != 0){
401
 
        perror_plus("stime");
 
399
      if(clock_settime(CLOCK_REALTIME, &keystat.st_mtim) != 0){
 
400
        perror_plus("clock_settime");
402
401
      }
403
402
      ret = lower_privileges();
404
403
      if(ret != 0){
1074
1073
      ret = setgid(0);
1075
1074
      if(ret == -1){
1076
1075
        perror_plus("setgid");
 
1076
        close(devnull);
1077
1077
        _exit(EX_NOPERM);
1078
1078
      }
1079
1079
      /* Reset supplementary groups */
1081
1081
      ret = setgroups(0, NULL);
1082
1082
      if(ret == -1){
1083
1083
        perror_plus("setgroups");
 
1084
        close(devnull);
1084
1085
        _exit(EX_NOPERM);
1085
1086
      }
1086
1087
    }
1087
1088
    ret = dup2(devnull, STDIN_FILENO);
1088
1089
    if(ret == -1){
1089
1090
      perror_plus("dup2(devnull, STDIN_FILENO)");
 
1091
      close(devnull);
1090
1092
      _exit(EX_OSERR);
1091
1093
    }
1092
1094
    ret = close(devnull);
1093
1095
    if(ret == -1){
1094
1096
      perror_plus("close");
1095
 
      _exit(EX_OSERR);
1096
1097
    }
1097
1098
    ret = dup2(STDERR_FILENO, STDOUT_FILENO);
1098
1099
    if(ret == -1){
1133
1134
  }
1134
1135
  if(pid == -1){
1135
1136
    perror_plus("fork");
 
1137
    close(devnull);
1136
1138
    return false;
1137
1139
  }
 
1140
  ret = close(devnull);
 
1141
  if(ret == -1){
 
1142
    perror_plus("close");
 
1143
  }
1138
1144
  int status;
1139
1145
  pid_t pret = -1;
1140
1146
  errno = 0;
2709
2715
  }
2710
2716
  
2711
2717
  {
2712
 
    /* Work around Debian bug #633582:
2713
 
       <https://bugs.debian.org/633582> */
2714
 
    
2715
2718
    /* Re-raise privileges */
2716
2719
    ret = raise_privileges();
2717
2720
    if(ret != 0){
2720
2723
    } else {
2721
2724
      struct stat st;
2722
2725
      
 
2726
      /* Work around Debian bug #633582:
 
2727
         <https://bugs.debian.org/633582> */
 
2728
 
2723
2729
      if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){
2724
2730
        int seckey_fd = open(seckey, O_RDONLY);
2725
2731
        if(seckey_fd == -1){
2784
2790
        }
2785
2791
      }
2786
2792
      
 
2793
      /* Work around Debian bug #981302
 
2794
         <https://bugs.debian.org/981302> */
 
2795
      if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){
 
2796
        ret = symlink("/proc/self/fd", "/dev/fd");
 
2797
        if(ret == -1){
 
2798
          perror_plus("Failed to create /dev/fd symlink");
 
2799
        }
 
2800
      }
 
2801
 
2787
2802
      /* Lower privileges */
2788
2803
      ret = lower_privileges();
2789
2804
      if(ret != 0){
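Review bot: The `symlink()` error branch at new lines 2796-2799 also fires on EEXIST, which occurs if another process creates /dev/fd between the `lstat()` check and the `symlink()` call; the commit message says plugin-runner.c gets the same workaround, so a second creator looks possible. An already existing /dev/fd is the wanted outcome, so the test could be `if(ret == -1 and errno != EEXIST){`. An `lstat()` failure other than ENOENT is skipped without any message while privileges are still raised, and the comment gives only the bug number; something like `/* Create the missing /dev/fd -> /proc/self/fd link; needs root, so do it before lowering privileges */` would record the intent. The enclosing block of `main` starts and ends outside the visible hunk.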