| xf.li | bdd93d5 | 2023-05-12 07:10:14 -0700 | [diff] [blame] | 1 | /* Copyright (C) 2000-2016 Free Software Foundation, Inc. |
| 2 | This file is part of the GNU C Library. |
| 3 | |
| 4 | The GNU C Library is free software; you can redistribute it and/or |
| 5 | modify it under the terms of the GNU Lesser General Public |
| 6 | License as published by the Free Software Foundation; either |
| 7 | version 2.1 of the License, or (at your option) any later version. |
| 8 | |
| 9 | The GNU C Library is distributed in the hope that it will be useful, |
| 10 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 11 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| 12 | Lesser General Public License for more details. |
| 13 | |
| 14 | You should have received a copy of the GNU Lesser General Public |
| 15 | License along with the GNU C Library; if not, see |
| 16 | <http://www.gnu.org/licenses/>. */ |
| 17 | |
| 18 | #include <errno.h> |
| 19 | #include <fcntl.h> |
| 20 | #include <paths.h> |
| 21 | #include <unistd.h> |
| 22 | #include <sys/stat.h> |
| 23 | #include <sys/sysmacros.h> |
| 24 | |
| 25 | /* Try to get a machine dependent instruction which will make the |
| 26 | program crash. This is used in case everything else fails. */ |
| 27 | #include <abort-instr.h> |
| 28 | #ifndef ABORT_INSTRUCTION |
| 29 | /* No such instruction is available. */ |
| 30 | # define ABORT_INSTRUCTION |
| 31 | #endif |
| 32 | |
| 33 | #include <device-nrs.h> |
| 34 | #include <not-cancel.h> |
| 35 | |
| 36 | |
| 37 | /* Should other OSes (e.g., Hurd) have different versions which can |
| 38 | be written in a better way? */ |
| 39 | static void |
| 40 | check_one_fd (int fd, int mode) |
| 41 | { |
| 42 | /* Note that fcntl() with this parameter is not a cancellation point. */ |
| 43 | if (__builtin_expect (__libc_fcntl (fd, F_GETFD), 0) == -1 |
| 44 | && errno == EBADF) |
| 45 | { |
| 46 | const char *name; |
| 47 | dev_t dev; |
| 48 | |
| 49 | /* For writable descriptors we use /dev/full. */ |
| 50 | if ((mode & O_ACCMODE) == O_WRONLY) |
| 51 | { |
| 52 | name = _PATH_DEV "full"; |
| 53 | dev = makedev (DEV_FULL_MAJOR, DEV_FULL_MINOR); |
| 54 | } |
| 55 | else |
| 56 | { |
| 57 | name = _PATH_DEVNULL; |
| 58 | dev = makedev (DEV_NULL_MAJOR, DEV_NULL_MINOR); |
| 59 | } |
| 60 | |
| 61 | /* Something is wrong with this descriptor, it's probably not |
| 62 | opened. Open /dev/null so that the SUID program we are |
| 63 | about to start does not accidentally use this descriptor. */ |
| 64 | int nullfd = open_not_cancel (name, mode, 0); |
| 65 | |
| 66 | /* We are very paranoid here. With all means we try to ensure |
| 67 | that we are actually opening the /dev/null device and nothing |
| 68 | else. |
| 69 | |
| 70 | Note that the following code assumes that STDIN_FILENO, |
| 71 | STDOUT_FILENO, STDERR_FILENO are the three lowest file |
| 72 | decsriptor numbers, in this order. */ |
| 73 | struct stat64 st; |
| 74 | if (__builtin_expect (nullfd != fd, 0) |
| 75 | || __builtin_expect (__fxstat64 (_STAT_VER, fd, &st), 0) != 0 |
| 76 | || __builtin_expect (S_ISCHR (st.st_mode), 1) == 0 |
| 77 | || st.st_rdev != dev) |
| 78 | /* We cannot even give an error message here since it would |
| 79 | run into the same problems. */ |
| 80 | while (1) |
| 81 | /* Try for ever and ever. */ |
| 82 | ABORT_INSTRUCTION; |
| 83 | } |
| 84 | } |
| 85 | |
| 86 | |
| 87 | void |
| 88 | __libc_check_standard_fds (void) |
| 89 | { |
| 90 | /* This is really paranoid but some people actually are. If /dev/null |
| 91 | should happen to be a symlink to somewhere else and not the device |
| 92 | commonly known as "/dev/null" we bail out. We can detect this with |
| 93 | the O_NOFOLLOW flag for open() but only on some system. */ |
| 94 | #ifndef O_NOFOLLOW |
| 95 | # define O_NOFOLLOW 0 |
| 96 | #endif |
| 97 | /* Check all three standard file descriptors. */ |
| 98 | check_one_fd (STDIN_FILENO, O_WRONLY | O_NOFOLLOW); |
| 99 | check_one_fd (STDOUT_FILENO, O_RDONLY | O_NOFOLLOW); |
| 100 | check_one_fd (STDERR_FILENO, O_RDONLY | O_NOFOLLOW); |
| 101 | } |