suricata: Change midstream policy to "pass-flow"
[people/pmueller/ipfire-2.x.git] / src / patches / ppp / ppp-e1266c7-2-everywhere-O_CLOEXEC-harder.patch
1 diff -Naur ppp-e1266c7-orig/pppd/eap.c ppp-e1266c7/pppd/eap.c
2 --- ppp-e1266c7-orig/pppd/eap.c 2024-02-13 10:40:56.000000000 +0100
3 +++ ppp-e1266c7/pppd/eap.c 2024-03-15 10:40:53.637190252 +0100
4 @@ -1542,7 +1542,7 @@
5
6 if ((path = name_of_pn_file()) == NULL)
7 return (-1);
8 - fd = open(path, modebits, S_IRUSR | S_IWUSR);
9 + fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
10 err = errno;
11 free(path);
12 errno = err;
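Review bot: `O_CLOEXEC` is OR-ed into the third argument of `open()`, which is the creation mode rather than the flags, so the descriptor returned here is still inherited across exec. On Linux the bit lies outside the permission bits, so the call does not fail and the mistake stays silent. The flag belongs on the second argument: `fd = open(path, modebits | O_CLOEXEC, S_IRUSR | S_IWUSR);`. The enclosing function starts and ends outside the hunk, so how long `fd` stays open cannot be judged from here.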
13 diff -Naur ppp-e1266c7-orig/pppd/main.c ppp-e1266c7/pppd/main.c
14 --- ppp-e1266c7-orig/pppd/main.c 2024-02-13 10:40:56.000000000 +0100
15 +++ ppp-e1266c7/pppd/main.c 2024-03-15 10:41:43.842037617 +0100
16 @@ -480,7 +480,7 @@
17 die(0);
18
19 /* Make sure fds 0, 1, 2 are open to somewhere. */
20 - fd_devnull = open(PPP_DEVNULL, O_RDWR);
21 + fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
22 if (fd_devnull < 0)
23 fatal("Couldn't open %s: %m", PPP_DEVNULL);
24 while (fd_devnull <= 2) {
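Review bot: Putting `O_CLOEXEC` on this open interacts badly with the `while (fd_devnull <= 2)` loop that begins on the last line of the hunk. If that loop, whose body is outside the hunk, moves `fd_devnull` above 2 with `dup()`, the duplicates do not carry the flag, while whichever of fds 0-2 this `open()` itself filled does. The descriptor that is kept would then still be inherited, and a standard descriptor could disappear on exec, which is the opposite of what the comment above the call asks for. Opening without the flag and setting it once after the loop avoids both problems: `fcntl(fd_devnull, F_SETFD, FD_CLOEXEC);`.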
25 diff -Naur ppp-e1266c7-orig/pppd/options.c ppp-e1266c7/pppd/options.c
26 --- ppp-e1266c7-orig/pppd/options.c 2024-02-13 10:40:56.000000000 +0100
27 +++ ppp-e1266c7/pppd/options.c 2024-03-15 10:43:02.867753370 +0100
28 @@ -1719,9 +1719,9 @@
29 ppp_option_error("unable to drop permissions to open %s: %m", *argv);
30 return 0;
31 }
32 - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
33 + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
34 if (fd < 0 && errno == EEXIST)
35 - fd = open(*argv, O_WRONLY | O_APPEND);
36 + fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
37 err = errno;
38 if (!privileged_option && seteuid(euid) == -1)
39 fatal("unable to regain privileges: %m");
40 diff -Naur ppp-e1266c7-orig/pppd/sys-linux.c ppp-e1266c7/pppd/sys-linux.c
41 --- ppp-e1266c7-orig/pppd/sys-linux.c 2024-02-13 10:40:56.000000000 +0100
42 +++ ppp-e1266c7/pppd/sys-linux.c 2024-03-15 10:49:59.310297165 +0100
43 @@ -656,7 +656,7 @@
44 goto err;
45 }
46 dbglog("using channel %d", chindex);
47 - fd = open("/dev/ppp", O_RDWR);
48 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
49 if (fd < 0) {
50 error("Couldn't reopen /dev/ppp: %m");
51 goto err;
52 @@ -894,7 +894,7 @@
53 dbglog("in make_ppp_unit, already had /dev/ppp open?");
54 close(ppp_dev_fd);
55 }
56 - ppp_dev_fd = open("/dev/ppp", O_RDWR);
57 + ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
58 if (ppp_dev_fd < 0)
59 fatal("Couldn't open /dev/ppp: %m");
60 flags = fcntl(ppp_dev_fd, F_GETFL);
61 @@ -1015,7 +1015,7 @@
62 if (!new_style_driver)
63 return -1;
64
65 - master_fd = open("/dev/ppp", O_RDWR);
66 + master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
67 if (master_fd < 0)
68 fatal("Couldn't open /dev/ppp: %m");
69 if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
70 @@ -2541,7 +2541,7 @@
71 if (tune_kernel) {
72 forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
73 if (forw_path != 0) {
74 - int fd = open(forw_path, O_WRONLY);
75 + int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
76 if (fd >= 0) {
77 if (write(fd, "1", 1) != 1)
78 error("Couldn't enable IP forwarding: %m");
79 @@ -2886,7 +2886,7 @@
80 sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
81 kernel_version = KVERSION(osmaj, osmin, ospatch);
82
83 - fd = open("/dev/ppp", O_RDWR);
84 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
85 if (fd >= 0) {
86 new_style_driver = 1;
87
88 @@ -3064,7 +3064,7 @@
89 #if __GLIBC__ >= 2
90 updwtmp(_PATH_WTMP, &ut);
91 #else
92 - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
93 + wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
94 if (wtmp >= 0) {
95 flock(wtmp, LOCK_EX);
96
97 @@ -3288,7 +3288,7 @@
98 int fd;
99
100 path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
101 - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
102 + if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
103 if (write(fd, "1", 1) != 1)
104 error("Couldn't enable dynamic IP addressing: %m");
105 close(fd);
106 @@ -3542,7 +3542,7 @@
107 /*
108 * Try the unix98 way first.
109 */
110 - mfd = open("/dev/ptmx", O_RDWR);
111 + mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
112 if (mfd >= 0) {
113 int ptn;
114 if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
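Review bot: The pty master opened here, and the slave opened in the next two hunks (`@@ -3553` and `@@ -3567`), are presumably meant to be handed to another process, so marking them close-on-exec needs a stated contract. Nothing in these hunks shows how callers pass them on. The flag is only safe if every consumer installs the descriptor with `dup2()` onto a different number, which clears the flag, rather than relying on plain inheritance. The same question applies to `real_ttyfd` in pppd/tty.c (`@@ -621`). Once the callers have been checked, I would record the result above this open, for example `/* O_CLOEXEC: children get this fd only via dup2(), never by inheritance */`.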
115 @@ -3553,7 +3553,8 @@
116 if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
117 warn("Couldn't unlock pty slave %s: %m", pty_name);
118 #endif
119 - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
120 +
121 + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
122 {
123 warn("Couldn't open pty slave %s: %m", pty_name);
124 close(mfd);
125 @@ -3567,10 +3568,10 @@
126 for (i = 0; i < 64; ++i) {
127 slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
128 'p' + i / 16, i % 16);
129 - mfd = open(pty_name, O_RDWR, 0);
130 + mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
131 if (mfd >= 0) {
132 pty_name[5] = 't';
133 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
134 + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
135 if (sfd >= 0) {
136 ret = fchown(sfd, uid, -1);
137 if (ret != 0) {
138 diff -Naur ppp-e1266c7-orig/pppd/tdb.c ppp-e1266c7/pppd/tdb.c
139 --- ppp-e1266c7-orig/pppd/tdb.c 2024-02-13 10:40:56.000000000 +0100
140 +++ ppp-e1266c7/pppd/tdb.c 2024-03-15 10:51:25.182882191 +0100
141 @@ -1732,7 +1732,7 @@
142 }
143
144 again:
145 - if ((tdb->fd = open(name, open_flags, mode)) == -1) {
146 + if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
147 if ((open_flags & O_CREAT) && errno == ENOENT &&
148 mkdir_recursive(PPP_PATH_VARRUN) == 0)
149 goto again;
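Review bot: `O_CLOEXEC` is added separately at this open and again at the reopen in the `@@ -1979` hunk, which leaves two call sites to keep in step. If `tdb->open_flags` is filled from `open_flags` (the assignment is outside both hunks, so this is an assumption), OR-ing the flag in once before it is stored would cover both calls and any later one: `open_flags |= O_CLOEXEC;`. The reopen could then stay as `tdb->open_flags & ~(O_CREAT|O_TRUNC)` without the extra parentheses.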
150 @@ -1979,7 +1979,7 @@
151 }
152 if (close(tdb->fd) != 0)
153 TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
154 - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
155 + tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
156 if (tdb->fd == -1) {
157 TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
158 goto fail;
159 diff -Naur ppp-e1266c7-orig/pppd/tty.c ppp-e1266c7/pppd/tty.c
160 --- ppp-e1266c7-orig/pppd/tty.c 2024-02-13 10:40:56.000000000 +0100
161 +++ ppp-e1266c7/pppd/tty.c 2024-03-15 10:52:35.828341901 +0100
162 @@ -621,7 +621,7 @@
163 ppp_set_status(EXIT_OPEN_FAILED);
164 goto errret;
165 }
166 - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
167 + real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
168 err = errno;
169 if (prio < OPRIO_ROOT && seteuid(0) == -1)
170 fatal("Unable to regain privileges");
171 @@ -775,7 +775,7 @@
172 if (connector == NULL && modem && devnam[0] != 0) {
173 int i;
174 for (;;) {
175 - if ((i = open(devnam, O_RDWR)) >= 0)
176 + if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
177 break;
178 if (errno != EINTR) {
179 error("Failed to reopen %s: %m", devnam);
180 diff -Naur ppp-e1266c7-orig/pppd/utils.c ppp-e1266c7/pppd/utils.c
181 --- ppp-e1266c7-orig/pppd/utils.c 2024-02-13 10:40:56.000000000 +0100
182 +++ ppp-e1266c7/pppd/utils.c 2024-03-15 10:55:27.176832115 +0100
183 @@ -926,14 +926,14 @@
184 slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
185 #endif
186
187 - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
188 + while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
189 if (errno != EEXIST) {
190 error("Can't create lock file %s: %m", lock_file);
191 break;
192 }
193
194 /* Read the lock file to find out who has the device locked. */
195 - fd = open(lock_file, O_RDONLY, 0);
196 + fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
197 if (fd < 0) {
198 if (errno == ENOENT) /* This is just a timing problem. */
199 continue;
200 @@ -1016,7 +1016,7 @@
201
202 if (lock_file[0] == 0)
203 return -1;
204 - fd = open(lock_file, O_WRONLY, 0);
205 + fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
206 if (fd < 0) {
207 error("Couldn't reopen lock file %s: %m", lock_file);
208 lock_file[0] = 0;