diff options
author | Lennart Poettering <lennart@poettering.net> | 2019-08-15 09:34:05 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2019-11-22 10:54:52 +0100 |
commit | a0c41de277234b57bbcd6a315c9fcc5ec64e9f7c (patch) | |
tree | 646c6b9d6586e63ef6e53f402a422404fb1efc04 | |
parent | 45a6c965986d484bd1d7d7d1978dbf0d82baec69 (diff) | |
download | systemd-a0c41de277234b57bbcd6a315c9fcc5ec64e9f7c.tar.gz |
varlink: move connection fds > fd2
We want to use this code in NSS modules, and we never know the execution
environment we are run in there, hence let's move our fds up to ensure
we won't step into dangerous fd territory.
This is similar to how we already do it in sd-bus for client connection
fds.
-rw-r--r-- | src/shared/varlink.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/shared/varlink.c b/src/shared/varlink.c index 7a566762fa..a23525b0a4 100644 --- a/src/shared/varlink.c +++ b/src/shared/varlink.c @@ -287,6 +287,8 @@ int varlink_connect_address(Varlink **ret, const char *address) { if (v->fd < 0) return -errno; + v->fd = fd_move_above_stdio(v->fd); + if (connect(v->fd, &sockaddr.sa, SOCKADDR_UN_LEN(sockaddr.un)) < 0) { if (!IN_SET(errno, EAGAIN, EINPROGRESS)) return -errno; @@ -2220,6 +2222,8 @@ int varlink_server_listen_address(VarlinkServer *s, const char *address, mode_t if (fd < 0) return -errno; + fd = fd_move_above_stdio(fd); + (void) sockaddr_un_unlink(&sockaddr.un); RUN_WITH_UMASK(~m & 0777) |