mirror of
git://git.gnupg.org/gnupg.git
synced 2025-01-10 13:04:23 +01:00
* rndunix.c (my_popen): Make sure that stdin and stderr are
connected to a file. This is to avoid NetBSD to complain about set{u,g}id programs invoked with fd 0, 2 closed. Reported by Cristian Biere. (start_gatherer): Likewise. Reordered code. * configure.ac (NAME_OF_DEV_URANDOM): Don't use /dev/srandom for NetBSD. Noted by Christian Biere.
This commit is contained in:
parent
1d79b75b9c
commit
0aa7112f1c
@ -1,3 +1,8 @@
|
|||||||
|
2002-10-12 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* configure.ac (NAME_OF_DEV_URANDOM): Don't use /dev/srandom for
|
||||||
|
NetBSD. Noted by Christian Biere.
|
||||||
|
|
||||||
2002-10-07 David Shaw <dshaw@jabberwocky.com>
|
2002-10-07 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* configure.ac: OpenLDAP 2.0.27 changed the dependencies again.
|
* configure.ac: OpenLDAP 2.0.27 changed the dependencies again.
|
||||||
|
@ -1,3 +1,11 @@
|
|||||||
|
2002-10-12 Werner Koch <wk@gnupg.org>
|
||||||
|
|
||||||
|
* rndunix.c (my_popen): Make sure that stdin and stderr are
|
||||||
|
connected to a file. This is to avoid NetBSD to complain about
|
||||||
|
set{u,g}id programs invoked with fd 0, 2 closed. Reported by
|
||||||
|
Cristian Biere.
|
||||||
|
(start_gatherer): Likewise. Reordered code.
|
||||||
|
|
||||||
2002-10-02 David Shaw <dshaw@jabberwocky.com>
|
2002-10-02 David Shaw <dshaw@jabberwocky.com>
|
||||||
|
|
||||||
* tiger.c (tiger_get_info): Select the OID to use for TIGER at
|
* tiger.c (tiger_get_info): Select the OID to use for TIGER at
|
||||||
|
@ -391,10 +391,17 @@ my_popen(struct RI *entry)
|
|||||||
|
|
||||||
if (entry->pid == (pid_t) 0) {
|
if (entry->pid == (pid_t) 0) {
|
||||||
struct passwd *passwd;
|
struct passwd *passwd;
|
||||||
|
int fd;
|
||||||
|
|
||||||
/* We are the child. Make the read side of the pipe be stdout */
|
/* We are the child. Make the read side of the pipe be stdout */
|
||||||
if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
|
if (dup2(pipedes[STDOUT_FILENO], STDOUT_FILENO) < 0)
|
||||||
exit(127);
|
exit(127);
|
||||||
|
/* Connect the other standard handles to the bit bucket. */
|
||||||
|
if ((fd = open ("/dev/null", O_RDWR)) != -1) {
|
||||||
|
dup2 (fd, STDIN_FILENO);
|
||||||
|
dup2 (fd, STDERR_FILENO);
|
||||||
|
close (fd);
|
||||||
|
}
|
||||||
|
|
||||||
/* Now that everything is set up, give up our permissions to make
|
/* Now that everything is set up, give up our permissions to make
|
||||||
* sure we don't read anything sensitive. If the getpwnam() fails,
|
* sure we don't read anything sensitive. If the getpwnam() fails,
|
||||||
@ -405,7 +412,7 @@ my_popen(struct RI *entry)
|
|||||||
|
|
||||||
setuid(gatherer_uid);
|
setuid(gatherer_uid);
|
||||||
|
|
||||||
/* Close the pipe descriptors */
|
/* Close the pipe descriptors. */
|
||||||
close(pipedes[STDIN_FILENO]);
|
close(pipedes[STDIN_FILENO]);
|
||||||
close(pipedes[STDOUT_FILENO]);
|
close(pipedes[STDOUT_FILENO]);
|
||||||
|
|
||||||
@ -659,28 +666,6 @@ start_gatherer( int pipefd )
|
|||||||
}
|
}
|
||||||
dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
|
dbgall = !!getenv("GNUPG_RNDUNIX_DBGALL");
|
||||||
}
|
}
|
||||||
/* close all files but the ones we need */
|
|
||||||
{ int nmax, n1, n2, i;
|
|
||||||
#ifdef _SC_OPEN_MAX
|
|
||||||
if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
|
|
||||||
#ifdef _POSIX_OPEN_MAX
|
|
||||||
nmax = _POSIX_OPEN_MAX;
|
|
||||||
#else
|
|
||||||
nmax = 20; /* assume a reasonable value */
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
#else
|
|
||||||
nmax = 20; /* assume a reasonable value */
|
|
||||||
#endif
|
|
||||||
n1 = fileno( stderr );
|
|
||||||
n2 = dbgfp? fileno( dbgfp ) : -1;
|
|
||||||
for(i=0; i < nmax; i++ ) {
|
|
||||||
if( i != n1 && i != n2 && i != pipefd )
|
|
||||||
close(i);
|
|
||||||
}
|
|
||||||
errno = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
/* Set up the buffer */
|
/* Set up the buffer */
|
||||||
@ -705,7 +690,39 @@ start_gatherer( int pipefd )
|
|||||||
signal(SIGCHLD, SIG_DFL);
|
signal(SIGCHLD, SIG_DFL);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
fclose(stderr); /* Arrghh!! It's Stuart code!! */
|
fflush (stderr);
|
||||||
|
/* Arrghh!! It's Stuart code!! */
|
||||||
|
/* (close all files but the ones we need) */
|
||||||
|
{ int nmax, n1, i;
|
||||||
|
#ifdef _SC_OPEN_MAX
|
||||||
|
if( (nmax=sysconf( _SC_OPEN_MAX )) < 0 ) {
|
||||||
|
#ifdef _POSIX_OPEN_MAX
|
||||||
|
nmax = _POSIX_OPEN_MAX;
|
||||||
|
#else
|
||||||
|
nmax = 20; /* assume a reasonable value */
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
nmax = 20; /* assume a reasonable value */
|
||||||
|
#endif
|
||||||
|
{
|
||||||
|
int fd;
|
||||||
|
if ((fd = open ("/dev/null", O_RDWR)) != -1) {
|
||||||
|
dup2 (fd, STDIN_FILENO);
|
||||||
|
dup2 (fd, STDOUT_FILENO);
|
||||||
|
dup2 (fd, STDERR_FILENO);
|
||||||
|
close (fd);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
n1 = dbgfp? fileno (dbgfp) : -1;
|
||||||
|
for(i=0; i < nmax; i++ ) {
|
||||||
|
if (i != STDIN_FILENO && i != STDOUT_FILENO && i != STDERR_FILENO
|
||||||
|
&& i != n1 && i != pipefd )
|
||||||
|
close(i);
|
||||||
|
}
|
||||||
|
errno = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
for(;;) {
|
for(;;) {
|
||||||
GATHER_MSG msg;
|
GATHER_MSG msg;
|
||||||
|
@ -468,7 +468,7 @@ AC_DEFINE_UNQUOTED(PRINTABLE_OS_NAME, "$PRINTABLE_OS_NAME",
|
|||||||
NAME_OF_DEV_RANDOM="/dev/random"
|
NAME_OF_DEV_RANDOM="/dev/random"
|
||||||
NAME_OF_DEV_URANDOM="/dev/urandom"
|
NAME_OF_DEV_URANDOM="/dev/urandom"
|
||||||
case "${target}" in
|
case "${target}" in
|
||||||
*-openbsd* | *-netbsd*)
|
*-openbsd*)
|
||||||
NAME_OF_DEV_RANDOM="/dev/srandom"
|
NAME_OF_DEV_RANDOM="/dev/srandom"
|
||||||
NAME_OF_DEV_URANDOM="/dev/urandom"
|
NAME_OF_DEV_URANDOM="/dev/urandom"
|
||||||
;;
|
;;
|
||||||
|
Loading…
x
Reference in New Issue
Block a user