Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- From: navid Rahimi <rahimi dot nv at gmail dot com>
- To: Navid Rahimi <rahimi dot nv at gmail dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Sat, 12 Sep 2015 00:16:49 +0430
- Subject: Re: [PATCH] [BZ #18433] Check file access/existence before forking.
- Authentication-results: sourceware.org; auth=none
- References: <55F19819 dot 3010601 at gmail dot com> <20150911182249 dot GD640 at vapier>
For the second patch, should I open a separate review request, or is it
fine to send it here? (The new patch uses pipes to communicate between
parent and child, so it is effectively a v2.)
best wishes,
-navid
On Fri, Sep 11, 2015 at 10:52 PM, Mike Frysinger <vapier@gentoo.org> wrote:
> doing an access/stat/whatever doesn't solve the issue you described --
> as others have pointed out, there's a TOCTOU race, but there's also no
> guarantee that doing a stat/access on mode bits means you can actually
> execute that file and/or that the exec will succeed. since this doesn't
> actually fix the problem you've described (and others have pointed out
> that it's not a spec violation), then this patch as-is is dead.
> -mike
diff --git a/ChangeLog b/ChangeLog
index c9023fb..7cc4b61 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2015-09-11 Navid Rahimi <rahimi.nv@gmail.com>
+
+ [BZ #18433]
+ * sysdeps/posix/spawni.c (__spawni): Check child status.
+
2015-09-10 Joseph Myers <joseph@codesourcery.com>
[BZ #2542]
diff --git a/sysdeps/posix/spawni.c b/sysdeps/posix/spawni.c
index eee9331..e0c5ac4 100644
--- a/sysdeps/posix/spawni.c
+++ b/sysdeps/posix/spawni.c
@@ -89,6 +89,12 @@ __spawni (pid_t *pid, const char *file,
char *path, *p, *name;
size_t len;
size_t pathlen;
+ int pipefd[2];
+
+ errno = 0;
+ /* Open Read/Write pipe for parent/child communication */
+ if (__pipe2 (pipefd, O_CLOEXEC))
+ return errno;
/* Do this once. */
short int flags = attrp == NULL ? 0 : attrp->__flags;
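Review bot: The added `errno = 0;` overwrites the caller's errno on every call, including successful ones, and library functions are expected never to set errno to zero. The value is only needed so the parent branch in the next hunk can `return errno`, so a local such as `int ec = 0;` would carry the result without touching errno, while the pipe failure path can stay `return errno;`. __spawni begins before this hunk, so whether any return between here and the fork would now leak both pipe descriptors cannot be checked from these lines.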
@@ -109,20 +115,26 @@ __spawni (pid_t *pid, const char *file,
if (new_pid != 0)
{
- if (new_pid < 0)
+ __close (pipefd[1]);
+ if (new_pid < 0){
+ __close (pipefd[0]);
return errno;
-
+ }
/* The call was successful. Store the PID if necessary. */
if (pid != NULL)
*pid = new_pid;
- return 0;
+ __read (pipefd[0], &errno, sizeof errno);
+ __close (pipefd[0]);
+ return errno;
}
+ else
+ __close (pipefd[0]);
/* Set signal mask. */
if ((flags & POSIX_SPAWN_SETSIGMASK) != 0
&& __sigprocmask (SIG_SETMASK, &attrp->__ss, NULL) != 0)
- _exit (SPAWN_ERROR);
+ goto fail;
/* Set signal default action. */
if ((flags & POSIX_SPAWN_SETSIGDEF) != 0)
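Review bot: The result of `__read (pipefd[0], &errno, sizeof errno)` is never checked, so the parent cannot tell end-of-file (the write end closed by a successful exec) from a short, failed or interrupted read, and on the end-of-file path it returns whatever errno happens to hold after the fork call. Reading into a local and testing the byte count makes the success path explicit. When the child does report an error, `*pid` has already been stored and the child is not waited for, so the caller gets a failure code plus an unreaped process. The brace in `if (new_pid < 0){` also departs from the GNU placement used by the surrounding code, and the block this hunk edits continues outside it.

```c
/* … unchanged: close write end, fork-failure return, store *pid … */
int ec = 0;
ssize_t n;
do
  n = __read (pipefd[0], &ec, sizeof ec);
while (n < 0 && errno == EINTR);
__close (pipefd[0]);
if (n != (ssize_t) sizeof ec)
  /* EOF: the exec closed the write end, so nothing was reported.  */
  return 0;
/* The child failed before exec; reap it so no zombie is left behind.  */
__waitpid (new_pid, NULL, 0);
return ec;
```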
@@ -140,7 +152,7 @@ __spawni (pid_t *pid, const char *file,
for (sig = 1; sig <= _NSIG; ++sig)
if (__sigismember (&attrp->__sd, sig) != 0
&& __sigaction (sig, &sa, NULL) != 0)
- _exit (SPAWN_ERROR);
+ goto fail;
}
@@ -150,25 +162,25 @@ __spawni (pid_t *pid, const char *file,
== POSIX_SPAWN_SETSCHEDPARAM)
{
if (__sched_setparam (0, &attrp->__sp) == -1)
- _exit (SPAWN_ERROR);
+ goto fail;
}
else if ((flags & POSIX_SPAWN_SETSCHEDULER) != 0)
{
if (__sched_setscheduler (0, attrp->__policy, &attrp->__sp) == -1)
- _exit (SPAWN_ERROR);
+ goto fail;
}
#endif
/* Set the process group ID. */
if ((flags & POSIX_SPAWN_SETPGROUP) != 0
&& __setpgid (0, attrp->__pgrp) != 0)
- _exit (SPAWN_ERROR);
+ goto fail;
/* Set the effective user and group IDs. */
if ((flags & POSIX_SPAWN_RESETIDS) != 0
&& (local_seteuid (__getuid ()) != 0
|| local_setegid (__getgid ()) != 0))
- _exit (SPAWN_ERROR);
+ goto fail;
/* Execute the file actions. */
if (file_actions != NULL)
@@ -196,7 +208,7 @@ __spawni (pid_t *pid, const char *file,
if (action->action.close_action.fd < 0
|| action->action.close_action.fd >= fdlimit.rlim_cur)
/* Signal the error. */
- _exit (SPAWN_ERROR);
+ goto fail;
}
break;
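Review bot: Nothing keeps the caller's file actions away from the new error pipe. The close, open and dup2 actions in this hunk and the following ones (`@@ -209`, `@@ -217`, `@@ -231`) act on caller-chosen descriptor numbers, and pipefd[1] is an ordinary descriptor in the child. If an action closes that number or dup2s over it, the `__write` at `fail:` either fails unnoticed or puts the raw errno bytes into the caller's file, and the parent then sees end-of-file and reports success. Before applying an action that names pipefd[1], the child should move the write end to a fresh close-on-exec descriptor, or the range check here should reject that number. The switch these lines belong to starts outside the hunk.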
@@ -209,7 +221,7 @@ __spawni (pid_t *pid, const char *file,
if (new_fd == -1)
/* The `open' call failed. */
- _exit (SPAWN_ERROR);
+ goto fail;
/* Make sure the desired file descriptor is used. */
if (new_fd != action->action.open_action.fd)
@@ -217,11 +229,11 @@ __spawni (pid_t *pid, const char *file,
if (__dup2 (new_fd, action->action.open_action.fd)
!= action->action.open_action.fd)
/* The `dup2' call failed. */
- _exit (SPAWN_ERROR);
+ goto fail;
if (close_not_cancel (new_fd) != 0)
/* The `close' call failed. */
- _exit (SPAWN_ERROR);
+ goto fail;
}
}
break;
@@ -231,7 +243,7 @@ __spawni (pid_t *pid, const char *file,
action->action.dup2_action.newfd)
!= action->action.dup2_action.newfd)
/* The `dup2' call failed. */
- _exit (SPAWN_ERROR);
+ goto fail;
break;
}
}
@@ -245,7 +257,7 @@ __spawni (pid_t *pid, const char *file,
maybe_script_execute (file, argv, envp, xflags);
/* Oh, oh. `execve' returns. This is bad. */
- _exit (SPAWN_ERROR);
+ goto fail;
}
/* We have to search for FILE on the path. */
@@ -304,11 +316,15 @@ __spawni (pid_t *pid, const char *file,
/* Some other error means we found an executable file, but
something went wrong executing it; return the error to our
caller. */
- _exit (SPAWN_ERROR);
+ goto fail;
}
}
while (*p++ != '\0');
+ fail:
+ /* Send parent what was the reason of failure */
+ __write (pipefd[1], &errno, sizeof errno);
+ __close (pipefd[1]);
/* Return with an error. */
_exit (SPAWN_ERROR);
}
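Review bot: `fail:` sends `errno` as-is and ignores the result of `__write`, so any path that arrives here with errno equal to 0 is read by the parent as a successful spawn; whether such a path exists depends on code outside these hunks. Copying into a local with a non-zero fallback, `int ec = errno != 0 ? errno : ECHILD;` followed by `__write (pipefd[1], &ec, sizeof ec);`, makes the reported value unambiguous. The label is also reached by fall-through from the PATH-search loop as well as by every `goto fail`, which deserves a comment such as `/* Reached by fall-through when no PATH entry could be executed, and by goto on any setup error.  */`.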