=== modified file 'plugin-runner.c' --- plugin-runner.c 2020-07-04 11:58:52 +0000 +++ plugin-runner.c 2021-01-31 21:40:15 +0000 @@ -47,8 +47,8 @@ struct stat, fstat(), close(), setgid(), setuid(), S_ISREG(), faccessat() pipe2(), fork(), - _exit(), dup2(), fexecve(), read() - */ + _exit(), dup2(), fexecve(), read(), + lstat(), symlink() */ #include /* fcntl(), F_GETFD, F_SETFD, FD_CLOEXEC, openat(), scandirat(), pipe2() */ @@ -858,6 +858,15 @@ } close(plugindir_fd); } + + /* Work around Debian bug #981302 + */ + if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){ + ret = symlink("/proc/self/fd", "/dev/fd"); + if(ret == -1){ + error(0, errno, "Failed to create /dev/fd symlink"); + } + } } /* Lower permissions */ === modified file 'plugins.d/mandos-client.c' --- plugins.d/mandos-client.c 2020-07-04 11:58:52 +0000 +++ plugins.d/mandos-client.c 2021-01-31 21:40:15 +0000 @@ -80,7 +80,7 @@ #include /* close(), SEEK_SET, off_t, write(), getuid(), getgid(), seteuid(), setgid(), pause(), _exit(), - unlinkat() */ + unlinkat(), lstat(), symlink() */ #include /* inet_pton(), htons() */ #include /* not, or, and */ #include /* struct argp_option, error_t, struct @@ -2715,9 +2715,6 @@ } { - /* Work around Debian bug #633582: - */ - /* Re-raise privileges */ ret = raise_privileges(); if(ret != 0){ @@ -2726,6 +2723,9 @@ } else { struct stat st; + /* Work around Debian bug #633582: + */ + if(strcmp(seckey, PATHDIR "/" SECKEY) == 0){ int seckey_fd = open(seckey, O_RDONLY); if(seckey_fd == -1){ @@ -2790,6 +2790,15 @@ } } + /* Work around Debian bug #981302 + */ + if(lstat("/dev/fd", &st) != 0 and errno == ENOENT){ + ret = symlink("/proc/self/fd", "/dev/fd"); + if(ret == -1){ + perror_plus("Failed to create /dev/fd symlink"); + } + } + /* Lower privileges */ ret = lower_privileges(); if(ret != 0){