]> git.ipfire.org Git - thirdparty/shadow.git/commit
projects / thirdparty / shadow.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b236090) | patch
newgrp, sg: Open audit socket after check_fds
authorTobias Stoeckmann <tobias@stoeckmann.org>
Sat, 20 Dec 2025 16:46:18 +0000 (16:46 +0000)
committerAlejandro Colomar <foss+github@alejandro-colomar.es>
Sat, 20 Dec 2025 18:07:33 +0000 (19:07 +0100)
commitff555732f8fd53e2d9b71ab03280260434736eaa
tree8caf90854f84198c18b62c64fe58fc2b99afe18ftree
parentb236090cd044f1bf7120fa99c4e269f4c2a84fadcommit | diff
newgrp, sg: Open audit socket after check_fds

The check_fds function is supposed to ensure that fds 0, 1, and 2 are
opened in a well-defined state, i.e. either they are already connected
to supposed input/output files or will be connected to /dev/null if not.

Opening the audit socket before checking the fds allows the audit socket
to get one of these numbers.

Avoid this by opening the audit socket after the check.

In general, this check is already covered by system libraries, but this
proof of concept works for root user. Note the different states of the
file descriptor 2.

In bash or another shell that interprets `2>&-` as closing stderr with
shadow + audit support, e.g. Arch Linux:
```
sg bin 'ls -l /proc/self/fd'
sg bin 'ls -l /proc/self/fd' 2>/dev/null
sg bin 'ls -l /proc/self/fd' 2>&-
```

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
src/newgrp.c diff | blob | blame | history
Mirror of https://github.com/shadow-maint/shadow.git