From a828c2f5332fbee41968ccc57115d0d8fc105b85 Mon Sep 17 00:00:00 2001 From: Ulrich Drepper Date: Fri, 9 Jul 1999 16:18:17 +0000 Subject: Update. * sysdeps/generic/libc-start.c: For SUID binaries check whether the standard file descriptors are open. Reported by Chris Evans . --- sysdeps/generic/libc-start.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'sysdeps/generic') diff --git a/sysdeps/generic/libc-start.c b/sysdeps/generic/libc-start.c index c1a4c1e55f..191a1e017f 100644 --- a/sysdeps/generic/libc-start.c +++ b/sysdeps/generic/libc-start.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998 Free Software Foundation, Inc. +/* Copyright (C) 1998, 1999 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -16,8 +16,12 @@ write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include +#include +#include #include #include +#include #include extern void __libc_init_first (int argc, char **argv, char **envp); @@ -27,6 +31,9 @@ weak_extern (_dl_starting_up) extern int __libc_multiple_libcs; extern void *__libc_stack_end; +/* Prototype for local function. */ +static void check_standard_fds (void); + int __libc_start_main (int (*main) (int, char **, char **), int argc, char **argv, void (*init) (void), void (*fini) (void), @@ -47,6 +54,11 @@ __libc_start_main (int (*main) (int, char **, char **), int argc, /* Set the global _environ variable correctly. */ __environ = &argv[argc + 1]; + /* Some security at this point. Prevent starting a SUID binary where + the standard file descriptors are not opened. */ + if (__libc_enable_secure) + check_standard_fds (); + /* Register the destructor of the dynamic linker if there is any. */ if (rtld_fini != NULL) atexit (rtld_fini); @@ -77,3 +89,32 @@ __libc_start_main (int (*main) (int, char **, char **), int argc, exit ((*main) (argc, argv, __environ)); } + + +/* Should other OSes (e.g., Hurd) have different versions which can + be written in a better way? */ +static void +check_one_fd (int fd, int mode) +{ + if (__fcntl (fd, F_GETFD) == -1 && errno == EBADF) + { + /* Something is wrong with this descriptor, it's probably not + opened. Open /dev/null so that the SUID program we are + about to start does not accidently use this descriptor. */ + int nullfd = __open (_PATH_DEVNULL, mode); + if (nullfd == -1) + /* We cannot even given an error message here since it would + run into the same problems. */ + abort (); + } +} + + +static void +check_standard_fds (void) +{ +/* Check all three standard file descriptors. */ + check_one_fd (STDIN_FILENO, O_RDONLY); + check_one_fd (STDOUT_FILENO, O_RDWR); + check_one_fd (STDERR_FILENO, O_RDWR); +} -- cgit 1.4.1