| Age | Commit message (Collapse) | Author |
|---|
|
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
|
|
* libihash/ihash.c: Clean up the included header files.
* libshouldbeinlibc/cacheq.c: Likewise.
* libshouldbeinlibc/canon-host.c: Likewise.
* libshouldbeinlibc/fsysops.c: Likewise.
* libshouldbeinlibc/idvec-auth.c: Likewise.
* libshouldbeinlibc/idvec.c: Likewise.
* libshouldbeinlibc/idvec.h: Likewise.
* libshouldbeinlibc/localhost.c: Likewise.
* libshouldbeinlibc/maptime.c: Likewise.
* libshouldbeinlibc/nullauth.c: Likewise.
* libshouldbeinlibc/portxlate.c: Likewise.
* libshouldbeinlibc/shared-dom.c: Likewise.
* libshouldbeinlibc/ugids-argp.c: Likewise.
* libshouldbeinlibc/ugids-auth.c: Likewise.
* libshouldbeinlibc/ugids-imply.c: Likewise.
* libshouldbeinlibc/ugids-merge.c: Likewise.
* libshouldbeinlibc/ugids-subtract.c: Likewise.
* libshouldbeinlibc/ugids-verify-auth.c: Likewise.
* libshouldbeinlibc/ugids-verify.c: Likewise.
* libshouldbeinlibc/ugids.c: Likewise.
* libshouldbeinlibc/ugids.h: Likewise.
* libshouldbeinlibc/wire.c: Likewise.
|
|
setnullauth () obtains an empty authentication handle and uses it for
further authentication purposes. This effectively drops all Unix
privileges.
* libshouldbeinlibc/nullauth.c: New file.
* libshouldbeinlibc/nullauth.h: Likewise.
* libshouldbeinlibc/Makefile: Add nullauth.{c,h}.
|
