The util-linux close_all_fds() serves the same purpose as close_range(),
which will over time make the local implementation completely obsolete.
For the upcoming few years it is best to have a fallback that uses the
same input arguments as the new system call. That allows surrounding code
and variables not to be affected by the version of the mass file
descriptor closing function.

Proposed-by: Karel Zak <kzak@redhat.com>
Reference: https://github.com/karelzak/util-linux/pull/1205#discussion_r534080128
Signed-off-by: Sami Kerola <kerolasa@iki.fi>

I did this by implementing a function called sendfile_all() similar to
read_all()/write_all().
The manpage for sendfile doesn't mention EINTR, but I decided to check
it anyway, just in case.

Suggested-by: Karel Zak <kzak@redhat.com>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>

Do note that according to man sendfile, "Other UNIX systems implement
sendfile() with different semantics and prototypes."
If this is something we care about, a better check is needed.

Suggested-by: Karel Zak <kzak@redhat.com>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>

Also, a bug in pw_tmpfile was fixed: copyfile used tmp_file to report
errors, but pw_tmpfile only assigned that variable _after_ calling
copyfile.

Suggested-by: Sami Kerola <kerolasa@iki.fi>
Reviewed-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Egor Chelak <egor.chelak@gmail.com>

The classic way, which is based on the file-descriptor table size, is
pretty expensive (due to table size) and forces the code to do many
unnecessary close() calls. It seems better to use /proc/self/fds and
close used descriptors only.

Addresses: https://github.com/karelzak/util-linux/issues/883
Signed-off-by: Karel Zak <kzak@redhat.com>

The utils, when compiled WITHOUT libuser, use mkostemp() on
"/etc/%s.XXXXXX", where the filename prefix is the argv[0] basename.
An attacker could repeatedly execute the util with a modified argv[0],
and after many, many attempts mkostemp() may generate a suffix which
makes sense. The result may be a temporary file with a name like
rc.status, ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser-based ch{sh,fn} or stuff from
shadow-utils.
It's probably a very minor security bug.

Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>

This function duplicates and marks a file descriptor as close-on-exec.
Takes care of build and run-time support for the fcntl F_DUPFD_CLOEXEC
command, and other errors.

Signed-off-by: Guillem Jover <guillem@hadrons.org>

We can not let the user control where TMPDIR is for this tempfile.
This will be where we write the updated passwd file, and must be
capable of being moved atomically with rename(2). Therefore, it
cannot be on a different device, or setpwnam() and vipw/vigr programs
will invariably fail with EXDEV.

Signed-off-by: Dave Reisner <dreisner@archlinux.org>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>

Let the developer choose, case by case, what sort of return value is
best in her code. xmkstemp() is for users who want a file descriptor
as the return value of the function; xfmkstemp() will return a
FILE pointer.

Proposed-By: Karel Zak <kzak@redhat.com>
CC: Davidlohr Bueso <dave@gnu.org>
Reference: http://marc.info/?l=util-linux-ng&m=133129570124003&w=2
Signed-off-by: Sami Kerola <kerolasa@iki.fi>