[sudo-workers] execve() failure & closefrom() in fork_cmnd()
Todd C. Miller
Todd.Miller at courtesan.com
Tue Nov 29 19:53:05 EST 2011
On Tue, 29 Nov 2011 17:47:46 +0100, Daniel Kopecek wrote:
> It seems that the usage of closefrom() in the fork_cmnd() function
> (http://www.sudo.ws/repos/sudo/file/ec0f2beaad36/src/exec.c#l140) should
> take into consideration that the execve() call might fail and ensure
> that the sv[1] descriptor used for sending the cstat structure back to
> the parent process stays open. In the current state and with
> def_closefrom not set to some higher number than sv[1], the descriptor
> gets closed and sudo doesn't report an error.
Good catch. I've just committed a fix that uses dup2() + FD_CLOEXEC
to avoid closing sv[1] in the closefrom() call.
- todd
More information about the sudo-workers
mailing list