avoid leaking netlink socket fd to external programs

The netlink socket is now used by udev event processes. We should take
care not to pass it to the programs they execute. This is the same way
the inotify fd was handled.

Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>

diff --git a/udev/lib/libudev-monitor.c b/udev/lib/libudev-monitor.c
index d006596e07ffc612c17e6bff8f5a957c33a0bc42..a8b1a4e2e51195a6dd71e04776d6400bdf0a70e4 100644 (file)
--- a/udev/lib/libudev-monitor.c
+++ b/udev/lib/libudev-monitor.c
@@ -92,6 +92,8 @@ struct udev_monitor *udev_monitor_new_from_socket(struct udev *udev, const char
                free(udev_monitor);
                return NULL;
        }
                free(udev_monitor);
                return NULL;
        }

+       util_set_fd_cloexec(udev_monitor->sock);
+

        dbg(udev, "monitor %p created with '%s'\n", udev_monitor, socket_path);
        return udev_monitor;
 }
        dbg(udev, "monitor %p created with '%s'\n", udev_monitor, socket_path);
        return udev_monitor;
 }


@@ -125,6 +127,7 @@ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char
                free(udev_monitor);
                return NULL;
        }
                free(udev_monitor);
                return NULL;
        }

+       util_set_fd_cloexec(udev_monitor->sock);

 
        udev_monitor->snl.nl_family = AF_NETLINK;
        udev_monitor->snl.nl_groups = group;
 
        udev_monitor->snl.nl_family = AF_NETLINK;
        udev_monitor->snl.nl_groups = group;

diff --git a/udev/lib/libudev-private.h b/udev/lib/libudev-private.h
index c7b74a42185a358bf4cd20637d26f60c128f2299..1e47d510803f58d4da056823cda78a74d1014876 100644 (file)
--- a/udev/lib/libudev-private.h
+++ b/udev/lib/libudev-private.h
@@ -172,4 +172,5 @@ extern size_t util_strlcat(char *dst, const char *src, size_t size);
 extern int udev_util_replace_whitespace(const char *str, char *to, size_t len);
 extern int udev_util_replace_chars(char *str, const char *white);
 extern int udev_util_encode_string(const char *str, char *str_enc, size_t len);
 extern int udev_util_replace_whitespace(const char *str, char *to, size_t len);
 extern int udev_util_replace_chars(char *str, const char *white);
 extern int udev_util_encode_string(const char *str, char *str_enc, size_t len);

+extern void util_set_fd_cloexec(int fd);

 #endif
 #endif

diff --git a/udev/lib/libudev-util.c b/udev/lib/libudev-util.c
index 867a41d21120df2361c75bcfcf1ef5e6e96fdb4d..b628fdd44c33a35eea72535b029838c19f0ee76d 100644 (file)
--- a/udev/lib/libudev-util.c
+++ b/udev/lib/libudev-util.c
@@ -448,3 +448,15 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len)
 err:
        return -1;
 }
 err:
        return -1;
 }

+
+void util_set_fd_cloexec(int fd)
+{
+       int flags;
+
+       flags = fcntl(fd, F_GETFD);
+       if (flags < 0)
+               flags = FD_CLOEXEC;
+       else
+               flags |= FD_CLOEXEC;
+       fcntl(fd, F_SETFD, flags);
+}

diff --git a/udev/udev-watch.c b/udev/udev-watch.c
index e2c096af0f4d0f3459f57805815894c9c7d4c564..d333476346375a4e377f9031b1000f27ce5c77fc 100644 (file)
--- a/udev/udev-watch.c
+++ b/udev/udev-watch.c
@@ -41,16 +41,9 @@ int inotify_fd = -1;
 void udev_watch_init(struct udev *udev)
 {
        inotify_fd = inotify_init();
 void udev_watch_init(struct udev *udev)
 {
        inotify_fd = inotify_init();

-       if (inotify_fd >= 0) {
-               int flags;
-
-               flags = fcntl(inotify_fd, F_GETFD);
-               if (flags < 0)
-                       flags = FD_CLOEXEC;
-               else
-                       flags |= FD_CLOEXEC;
-               fcntl(inotify_fd, F_SETFD, flags);
-       } else if (errno == ENOSYS)
+       if (inotify_fd >= 0)
+               util_set_fd_cloexec(inotify_fd);
+       else if (errno == ENOSYS)

                info(udev, "unable to use inotify, udevd will not monitor rule files changes\n");
        else
                err(udev, "inotify_init failed: %m\n");
                info(udev, "unable to use inotify, udevd will not monitor rule files changes\n");
        else
                err(udev, "inotify_init failed: %m\n");