]> git.ipfire.org Git - ipfire-2.x.git/blob - src/patches/ppp/ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
projects / ipfire-2.x.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Added '/var/lib/monit/id' to '/config/backup/includes/monit' to fix Bug #13089
[ipfire-2.x.git] / src / patches / ppp / ppp-2.5.0-2-everywhere-O_CLOEXEC-harder.patch
1 diff -Naur pppd.orig/eap.c pppd/eap.c
2 --- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100
3 +++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200
4 @@ -1542,7 +1542,7 @@
5
6 if ((path = name_of_pn_file()) == NULL)
7 return (-1);
8 - fd = open(path, modebits, S_IRUSR | S_IWUSR);
9 + fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
10 err = errno;
11 free(path);
12 errno = err;
13 diff -Naur pppd.orig/main.c pppd/main.c
14 --- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100
15 +++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200
16 @@ -479,7 +479,7 @@
17 die(0);
18
19 /* Make sure fds 0, 1, 2 are open to somewhere. */
20 - fd_devnull = open(PPP_DEVNULL, O_RDWR);
21 + fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
22 if (fd_devnull < 0)
23 fatal("Couldn't open %s: %m", PPP_DEVNULL);
24 while (fd_devnull <= 2) {
25 diff -Naur pppd.orig/options.c pppd/options.c
26 --- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200
27 +++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200
28 @@ -1718,9 +1718,9 @@
29 ppp_option_error("unable to drop permissions to open %s: %m", *argv);
30 return 0;
31 }
32 - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
33 + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
34 if (fd < 0 && errno == EEXIST)
35 - fd = open(*argv, O_WRONLY | O_APPEND);
36 + fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
37 err = errno;
38 if (!privileged_option && seteuid(euid) == -1)
39 fatal("unable to regain privileges: %m");
40 diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c
41 --- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200
42 +++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200
43 @@ -666,7 +666,7 @@
44 goto err;
45 }
46 dbglog("using channel %d", chindex);
47 - fd = open("/dev/ppp", O_RDWR);
48 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
49 if (fd < 0) {
50 error("Couldn't reopen /dev/ppp: %m");
51 goto err;
52 @@ -904,7 +904,7 @@
53 dbglog("in make_ppp_unit, already had /dev/ppp open?");
54 close(ppp_dev_fd);
55 }
56 - ppp_dev_fd = open("/dev/ppp", O_RDWR);
57 + ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
58 if (ppp_dev_fd < 0)
59 fatal("Couldn't open /dev/ppp: %m");
60 flags = fcntl(ppp_dev_fd, F_GETFL);
61 @@ -1025,7 +1025,7 @@
62 if (!new_style_driver)
63 return -1;
64
65 - master_fd = open("/dev/ppp", O_RDWR);
66 + master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
67 if (master_fd < 0)
68 fatal("Couldn't open /dev/ppp: %m");
69 if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
70 @@ -2533,7 +2533,7 @@
71 if (tune_kernel) {
72 forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
73 if (forw_path != 0) {
74 - int fd = open(forw_path, O_WRONLY);
75 + int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
76 if (fd >= 0) {
77 if (write(fd, "1", 1) != 1)
78 error("Couldn't enable IP forwarding: %m");
79 @@ -2878,7 +2878,7 @@
80 sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
81 kernel_version = KVERSION(osmaj, osmin, ospatch);
82
83 - fd = open("/dev/ppp", O_RDWR);
84 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
85 if (fd >= 0) {
86 new_style_driver = 1;
87
88 @@ -3056,7 +3056,7 @@
89 #if __GLIBC__ >= 2
90 updwtmp(_PATH_WTMP, &ut);
91 #else
92 - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
93 + wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
94 if (wtmp >= 0) {
95 flock(wtmp, LOCK_EX);
96
97 @@ -3280,7 +3280,7 @@
98 int fd;
99
100 path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
101 - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
102 + if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
103 if (write(fd, "1", 1) != 1)
104 error("Couldn't enable dynamic IP addressing: %m");
105 close(fd);
106 @@ -3534,7 +3534,7 @@
107 /*
108 * Try the unix98 way first.
109 */
110 - mfd = open("/dev/ptmx", O_RDWR);
111 + mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
112 if (mfd >= 0) {
113 int ptn;
114 if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
115 @@ -3545,7 +3545,8 @@
116 if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
117 warn("Couldn't unlock pty slave %s: %m", pty_name);
118 #endif
119 - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
120 +
121 + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
122 {
123 warn("Couldn't open pty slave %s: %m", pty_name);
124 close(mfd);
125 @@ -3559,10 +3560,10 @@
126 for (i = 0; i < 64; ++i) {
127 slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
128 'p' + i / 16, i % 16);
129 - mfd = open(pty_name, O_RDWR, 0);
130 + mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
131 if (mfd >= 0) {
132 pty_name[5] = 't';
133 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
134 + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
135 if (sfd >= 0) {
136 ret = fchown(sfd, uid, -1);
137 if (ret != 0) {
138 diff -Naur pppd.orig/tdb.c pppd/tdb.c
139 --- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200
140 +++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200
141 @@ -1728,7 +1728,7 @@
142 goto internal;
143 }
144
145 - if ((tdb->fd = open(name, open_flags, mode)) == -1) {
146 + if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
147 TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
148 name, strerror(errno)));
149 goto fail; /* errno set by open(2) */
150 @@ -1971,7 +1971,7 @@
151 }
152 if (close(tdb->fd) != 0)
153 TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
154 - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
155 + tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
156 if (tdb->fd == -1) {
157 TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
158 goto fail;
159 diff -Naur pppd.orig/tty.c pppd/tty.c
160 --- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100
161 +++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200
162 @@ -621,7 +621,7 @@
163 ppp_set_status(EXIT_OPEN_FAILED);
164 goto errret;
165 }
166 - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
167 + real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
168 err = errno;
169 if (prio < OPRIO_ROOT && seteuid(0) == -1)
170 fatal("Unable to regain privileges");
171 @@ -775,7 +775,7 @@
172 if (connector == NULL && modem && devnam[0] != 0) {
173 int i;
174 for (;;) {
175 - if ((i = open(devnam, O_RDWR)) >= 0)
176 + if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
177 break;
178 if (errno != EINTR) {
179 error("Failed to reopen %s: %m", devnam);
180 diff -Naur pppd.orig/utils.c pppd/utils.c
181 --- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100
182 +++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200
183 @@ -843,14 +843,14 @@
184 slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
185 #endif
186
187 - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
188 + while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
189 if (errno != EEXIST) {
190 error("Can't create lock file %s: %m", lock_file);
191 break;
192 }
193
194 /* Read the lock file to find out who has the device locked. */
195 - fd = open(lock_file, O_RDONLY, 0);
196 + fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
197 if (fd < 0) {
198 if (errno == ENOENT) /* This is just a timing problem. */
199 continue;
200 @@ -933,7 +933,7 @@
201
202 if (lock_file[0] == 0)
203 return -1;
204 - fd = open(lock_file, O_WRONLY, 0);
205 + fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
206 if (fd < 0) {
207 error("Couldn't reopen lock file %s: %m", lock_file);
208 lock_file[0] = 0;
IPFire 2.x development tree