#include "securebits.h"
#include "cgroup.h"
+/* This assumes there is a 'tty' group */
+#define TTY_MODE 0620
+
static int shift_fds(int fds[], unsigned n_fds) {
int start, restart_from;
if ((nfd = fcntl(fds[i], F_DUPFD, i+3)) < 0)
return -errno;
- assert_se(close_nointr(fds[i]) == 0);
+ close_nointr_nofail(fds[i]);
fds[i] = nfd;
/* Hmm, the fd we wanted isn't free? Then
if (fd != nfd) {
r = dup2(fd, nfd) < 0 ? -errno : nfd;
- close_nointr(fd);
+ close_nointr_nofail(fd);
} else
r = nfd;
if (fd != nfd) {
r = dup2(fd, nfd) < 0 ? -errno : nfd;
- close_nointr(fd);
+ close_nointr_nofail(fd);
} else
r = nfd;
static int setup_error(const ExecContext *context, const char *ident) {
assert(context);
+ assert(ident);
/* This expects the input and output are already set up */
}
}
+static int chown_terminal(int fd, uid_t uid) {
+ struct stat st;
+
+ assert(fd >= 0);
+
+ /* This might fail. What matters are the results. */
+ fchown(fd, uid, -1);
+ fchmod(fd, TTY_MODE);
+
+ if (fstat(fd, &st) < 0)
+ return -errno;
+
+ if (st.st_uid != uid ||
+ st.st_mode != TTY_MODE)
+ return -EPERM;
+
+ return 0;
+}
+
static int setup_confirm_stdio(const ExecContext *context,
int *_saved_stdin,
int *_saved_stdout) {
goto fail;
}
+ if (chown_terminal(fd, getuid()) < 0) {
+ r = EXIT_STDIN;
+ goto fail;
+ }
+
if (dup2(fd, STDIN_FILENO) < 0) {
r = EXIT_STDIN;
goto fail;
goto fail;
}
+ if (is_terminal_input(context->std_input))
+ if (chown_terminal(STDIN_FILENO, uid) < 0) {
+ r = EXIT_STDIN;
+ goto fail;
+ }
+
if (apply_chroot) {
if (context->root_directory)
if (chroot(context->root_directory) < 0) {
~ianmdlvl / elogind.git / blobdiff