Radish alpha
H
HardenedBSD-pkg
rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Radicle
Git
Commits 5a0cc7f
Fix /dev/null not open before chroot
gearnode committed 3 years ago
commit 5a0cc7f37e783a636e11f5499f5f8449ed318e0e
parent 5ac1b91
5 files changed +31 -11
modified libpkg/pkg.h.in
@@ -763,6 +763,9 @@ int pkgdb_set2(struct pkgdb *db, struct pkg *pkg, ...);
int64_t pkg_set_debug_level(int64_t debug_level);

int pkg_set_rootdir(const char *rootdir);
+ 
int pkg_open_devnull(void);
+ 
void pkg_close_devnull(void);
+ 


/**

 * Allocate a new struct pkg and add it to the deps of pkg.

 * @return An error code.
modified libpkg/pkg_config.c
@@ -72,6 +72,7 @@ struct pkg_ctx ctx = {
	.rootfd = -1,

	.cachedirfd = -1,

	.pkg_dbdirfd = -1,
+ 
	.devnullfd = -1,

	.osversion = 0,

	.backup_libraries = false,

	.triggers = true,
@@ -1683,3 +1684,24 @@ pkg_get_dbdirfd(void)


	return (ctx.pkg_dbdirfd);

}
+
+ 
int
+ 
pkg_open_devnull(void) {
+ 
	pkg_close_devnull();
+
+ 
	if ((ctx.devnullfd = open("/dev/null", O_RDWR)) < 0) {
+ 
		pkg_emit_error("Cannot open /dev/null");
+ 
		return (EPKG_FATAL);
+ 
	}
+
+ 
	return (EPKG_OK);
+ 
}
+
+ 
void
+ 
pkg_close_devnull(void) {
+ 
	if (ctx.devnullfd != 1) {
+ 
		close(ctx.devnullfd);
+ 
	}
+
+ 
	return;
+ 
}
modified libpkg/private/pkg.h
@@ -158,6 +158,7 @@ struct pkg_ctx {
	int compression_level;

	int rootfd;

	int cachedirfd;
+ 
	int devnullfd;

	int dbdirfd;

	int pkg_dbdirfd;

	int osversion;
modified libpkg/scripts.c
@@ -61,7 +61,6 @@ pkg_script_run(struct pkg * const pkg, pkg_script type, bool upgrade)
	const char *argv[4];

	char **ep;

	int ret = EPKG_OK;
- 
	int fd = -1;

	int stdin_pipe[2] = {-1, -1};

	posix_spawn_file_actions_t action;

	bool use_pipe = 0;
@@ -181,15 +180,8 @@ pkg_script_run(struct pkg * const pkg, pkg_script type, bool upgrade)


				use_pipe = 1;

			} else {
- 
				fd = open("/dev/null", O_RDWR);
- 
				if (fd < 0) {
- 
					pkg_errno("Cannot open %s", "/dev/null");
- 
					ret = EPKG_FATAL;
- 
					posix_spawn_file_actions_destroy(&action);
- 
					goto cleanup;
- 
				}

				posix_spawn_file_actions_adddup2(&action,
- 
				    fd, STDIN_FILENO);
+ 
				    ctx.devnullfd, STDIN_FILENO);



				argv[0] = _PATH_BSHELL;

				argv[1] = "-c";
@@ -209,8 +201,6 @@ pkg_script_run(struct pkg * const pkg, pkg_script type, bool upgrade)
			}

			posix_spawn_file_actions_destroy(&action);
- 
			if (fd != -1)
- 
				close(fd);

			if (use_pipe) {

				script_cmd_p = script_cmd->buf;

				while (script_len > 0) {
modified src/main.c
@@ -698,6 +698,8 @@ main(int argc, char **argv)
	argv += optind;



	pkg_set_debug_level(debug);
+ 
	if (pkg_open_devnull() != EPKG_OK)
+ 
		errx(EXIT_FAILURE, "Cannot open dev/null");



	if (version == 1)

		show_version_info(version);
@@ -890,6 +892,8 @@ main(int argc, char **argv)
	if (save_argv != argv)

		free(argv);
+ 
	pkg_close_devnull();
+ 


	if (ret == EXIT_SUCCESS && newpkgversion)

		return (EX_NEEDRESTART);