Prevent unintended file desriptor leak in grantpt.

The pt_chown program is completely transparently called. It might not be able to live with the various file descriptors the program has open at the time of the call (e.g., under SELinux). Close all but the needed descriptor and connect stdin, stdout, and stderr with /dev/null. pt_chown shouldn't print anything when called to do real work. (cherry picked from commit 139ee080b6b428240bf49f3e6361f3ac729f891a)
author: Andreas Schwab <schwab@redhat.com> 2009-11-25 14:04:18 +0100
committer: Andreas Schwab <schwab@redhat.com> 2009-11-25 14:04:18 +0100
commit: f3a93a0820949f67c95eda882e4f4331ad26accd (patch)
tree: ac1945db69088fc86620e9d8264069a4c532925c /login
parent: 8757dec424e2fc887623104565243bdd66cd609b (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/login/programs/pt_chown.c b/login/programs/pt_chown.c
index 7e279a5f3b..4c36f2ceac 100644
--- a/login/programs/pt_chown.c
+++ b/login/programs/pt_chown.c
@@ -154,8 +154,7 @@ main (int argc, char *argv[])
 # define ncap_list (sizeof (cap_list) / sizeof (cap_list[0]))
 	  cap_t caps = cap_init ();
 	  if (caps == NULL)
-	    error (FAIL_ENOMEM, errno,
-		   _("Failed to initialize drop of capabilities"));
+	    return FAIL_ENOMEM;
 
 	  /* There is no reason why these should not work.  */
 	  cap_set_flag (caps, CAP_PERMITTED, ncap_list, cap_list, CAP_SET);
@@ -166,7 +165,7 @@ main (int argc, char *argv[])
 	  cap_free (caps);
 
 	  if (__builtin_expect (res != 0, 0))
-	    error (FAIL_EXEC, errno, _("cap_set_proc failed"));
+	    return FAIL_EXEC;
 	}
 #endif
author	Andreas Schwab <schwab@redhat.com>	2009-11-25 14:04:18 +0100
committer	Andreas Schwab <schwab@redhat.com>	2009-11-25 14:04:18 +0100
commit	f3a93a0820949f67c95eda882e4f4331ad26accd (patch)
tree	ac1945db69088fc86620e9d8264069a4c532925c /login
parent	8757dec424e2fc887623104565243bdd66cd609b (diff)