diff options
| author | Yu Watanabe <watanabe.yu+github@gmail.com> | 2023-04-17 02:09:38 +0900 |
|---|---|---|
| committer | Mike Yuan <me@yhndnzj.com> | 2023-04-17 05:46:32 +0800 |
| commit | 2cd04086ee555ae9b1423f6a4c5adeffd2affd72 (patch) | |
| tree | 3957c0bdcdc79f638b221994042663269505fd03 | |
| parent | 451812680755bdf62512bc3c174278280d5ce9cb (diff) | |
| download | systemd-2cd04086ee555ae9b1423f6a4c5adeffd2affd72.tar.gz | |
process-util: make safe_fork() unset $NOTIFY_SOCKET
Propagating $NOTIFY_SOCKET is typically dangerous. Let's unset it unless
explicitly requested to keep it.
Fixes #27288.
Replaces #27291.
| -rw-r--r-- | src/basic/process-util.c | 8 | ||||
| -rw-r--r-- | src/basic/process-util.h | 1 | ||||
| -rw-r--r-- | src/sysupdate/sysupdate-resource.c | 1 | ||||
| -rw-r--r-- | src/sysupdate/sysupdate-transfer.c | 1 | ||||
| -rw-r--r-- | src/udev/udevd.c | 2 |
5 files changed, 9 insertions, 4 deletions
diff --git a/src/basic/process-util.c b/src/basic/process-util.c index 58503cf22d..a9826d94d3 100644 --- a/src/basic/process-util.c +++ b/src/basic/process-util.c @@ -1365,6 +1365,14 @@ int safe_fork_full( } } + if (!FLAGS_SET(flags, FORK_KEEP_NOTIFY_SOCKET)) { + r = RET_NERRNO(unsetenv("NOTIFY_SOCKET")); + if (r < 0) { + log_full_errno(prio, r, "Failed to unset $NOTIFY_SOCKET: %m"); + _exit(EXIT_FAILURE); + } + } + if (ret_pid) *ret_pid = getpid_cached(); diff --git a/src/basic/process-util.h b/src/basic/process-util.h index 5188f3c605..230a0edb09 100644 --- a/src/basic/process-util.h +++ b/src/basic/process-util.h @@ -156,6 +156,7 @@ typedef enum ForkFlags { FORK_FLUSH_STDIO = 1 << 13, /* fflush() stdout (and stderr) before forking */ FORK_NEW_USERNS = 1 << 14, /* Run child in its own user namespace */ FORK_CLOEXEC_OFF = 1 << 15, /* In the child: turn off O_CLOEXEC on all fds in except_fds[] */ + FORK_KEEP_NOTIFY_SOCKET = 1 << 16, /* Unless this specified, $NOTIFY_SOCKET will be unset. */ } ForkFlags; int safe_fork_full( diff --git a/src/sysupdate/sysupdate-resource.c b/src/sysupdate/sysupdate-resource.c index c918de79cc..5f06377ade 100644 --- a/src/sysupdate/sysupdate-resource.c +++ b/src/sysupdate/sysupdate-resource.c @@ -284,7 +284,6 @@ static int download_manifest( NULL }; - (void) unsetenv("NOTIFY_SOCKET"); execv(pull_binary_path(), (char *const*) cmdline); log_error_errno(errno, "Failed to execute %s tool: %m", pull_binary_path()); _exit(EXIT_FAILURE); diff --git a/src/sysupdate/sysupdate-transfer.c b/src/sysupdate/sysupdate-transfer.c index 6789f48967..8ae58c2b1b 100644 --- a/src/sysupdate/sysupdate-transfer.c +++ b/src/sysupdate/sysupdate-transfer.c @@ -793,7 +793,6 @@ static int run_helper( if (r == 0) { /* Child */ - (void) unsetenv("NOTIFY_SOCKET"); execv(path, (char *const*) cmdline); log_error_errno(errno, "Failed to execute %s tool: %m", path); _exit(EXIT_FAILURE); diff --git a/src/udev/udevd.c b/src/udev/udevd.c index d70fccde41..c56956c378 100644 --- a/src/udev/udevd.c +++ b/src/udev/udevd.c @@ -706,8 +706,6 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device assert(monitor); assert(dev); - assert_se(unsetenv("NOTIFY_SOCKET") == 0); - assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, -1) >= 0); /* Reset OOM score, we only protect the main daemon. */ |