- dtucker@cvs.openbsd.org 2009/11/10 04:30:45

     [sshconnect2.c channels.c sshconnect.c]
     Set close-on-exec on various descriptors so they don't get leaked to
     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.

diff --git a/ChangeLog b/ChangeLog
index 604b5d773101f152569e34bdfbe57613b9a2ee86..a2cee09d5cfb456cb16a52044374ad373abdbe8d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,10 @@
      [sshd_config.5]
      clarify that StrictModes does not apply to ChrootDirectory. Permissions
      and ownership are always checked when chrooting. bz#1532
+   - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
+     [sshconnect2.c channels.c sshconnect.c]
+     Set close-on-exec on various descriptors so they don't get leaked to
+     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1

diff --git a/channels.c b/channels.c
index 884c14c992799c4bf0ec44057939f0af169127ba..eb0c61d8b3be969ee81e787c9aa03443f3cc4b4d 100644 (file)
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.297 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: channels.c,v 1.298 2009/11/10 04:30:44 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,6 +53,7 @@
 #include <arpa/inet.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -231,7 +232,12 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
        channel_max_fd = MAX(channel_max_fd, wfd);
        channel_max_fd = MAX(channel_max_fd, efd);
 
-       /* XXX set close-on-exec -markus */
+       if (rfd != -1)
+               fcntl(rfd, F_SETFD, FD_CLOEXEC);
+       if (wfd != -1 && wfd != rfd)
+               fcntl(wfd, F_SETFD, FD_CLOEXEC);
+       if (efd != -1 && efd != rfd && efd != wfd)
+               fcntl(efd, F_SETFD, FD_CLOEXEC);
 
        c->rfd = rfd;
        c->wfd = wfd;

diff --git a/sshconnect.c b/sshconnect.c
index a09026e65071e285ed2bd4193fda56f2b5120325..3c8308ffb9755ac639065a334c7c0842c099d1a4 100644 (file)
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -28,6 +28,7 @@
 
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -192,8 +193,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
        }
        sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
            options.rdomain);
-       if (sock < 0)
+       if (sock < 0) {
                error("socket: %.100s", strerror(errno));
+               return -1;
+       }
+       fcntl(sock, F_SETFD, FD_CLOEXEC);
 
        /* Bind the socket to an alternative local IP address */
        if (options.bind_address == NULL)

diff --git a/sshconnect2.c b/sshconnect2.c
index 937bb773dd647610b7d8a140d05ce5b08b628b95..299d4f4e3a197a1c570b688273680ee8c8f92922 100644 (file)
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.174 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -32,6 +32,7 @@
 #include <sys/stat.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <signal.h>
@@ -1527,6 +1528,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
                return -1;
        }
        if (pid == 0) {
+               /* keep the socket on exec */
+               fcntl(packet_get_connection_in(), F_SETFD, 0);
                permanently_drop_suid(getuid());
                close(from[0]);
                if (dup2(from[1], STDOUT_FILENO) < 0)