From: Roy Marples <roy@marples.name>
Date: Tue, 21 Jan 2020 16:11:37 +0000 (+0000)
Subject: privsep: Close stdout/stderr after forking processes
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=18043c2fba9868086534f99b072a7ef7f53a547f;p=thirdparty%2Fdhcpcd.git

privsep: Close stdout/stderr after forking processes

Well, redirect them to /dev/null anyway.
Also tidy a few things in common whilst here.
---

diff --git a/src/common.c b/src/common.c
index eac1b256..c4eecfee 100644
--- a/src/common.c
+++ b/src/common.c
@@ -30,8 +30,6 @@
 
 #include <ctype.h>
 #include <errno.h>
-#include <fcntl.h>
-#include <paths.h>
 #include <stdio.h>
 #include <stdlib.h>
 
@@ -40,27 +38,6 @@
 #include "if-options.h"
 #include "logerr.h"
 
-/* Most route(4) messages are less than 256 bytes. */
-#define IOVEC_BUFSIZ	256
-
-int
-close_std(void)
-{
-	int fd, error = 0;
-
-	if ((fd = open(_PATH_DEVNULL, O_RDWR, 0)) == -1)
-		return -1;
-
-	if (dup2(fd, STDIN_FILENO) == -1)
-		error = -1;
-	if (dup2(fd, STDOUT_FILENO) == -1)
-		error = -1;
-	if (dup2(fd, STDERR_FILENO) == -1)
-		error = -1;
-	close(fd);
-	return error;
-}
-
 const char *
 hwaddr_ntoa(const void *hwaddr, size_t hwlen, char *buf, size_t buflen)
 {
diff --git a/src/common.h b/src/common.h
index 1d6f1722..49ff36f9 100644
--- a/src/common.h
+++ b/src/common.h
@@ -135,11 +135,6 @@
 # endif
 #endif
 
-int close_std(void);
-void get_line_free(void);
-extern int clock_monotonic;
-int get_monotonic(struct timespec *);
-
 const char *hwaddr_ntoa(const void *, size_t, char *, size_t);
 size_t hwaddr_aton(uint8_t *, const char *);
 size_t read_hwaddr_aton(uint8_t **, const char *);
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 31e21a5d..f437977b 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -41,6 +41,7 @@ const char dhcpcd_copyright[] = "Copyright (c) 2006-2020 Roy Marples";
 #include <fcntl.h>
 #include <getopt.h>
 #include <limits.h>
+#include <paths.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -352,7 +353,8 @@ dhcpcd_daemonise(struct dhcpcd_ctx *ctx)
 	eloop_event_delete(ctx->eloop, ctx->fork_fd);
 	close(ctx->fork_fd);
 	ctx->fork_fd = -1;
-	close_std();
+	freopen(_PATH_DEVNULL, "w", stdout);
+	freopen(_PATH_DEVNULL, "w", stderr);
 #endif
 }
 
@@ -611,7 +613,7 @@ configure_interface(struct interface *ifp, int argc, char **argv,
 
 	/* If the mtime has changed drop any old lease */
 	if (old != 0 && ifp->options->mtime != old) {
-		logwarnx("%s: confile file changed, expiring leases",
+		logwarnx("%s: config file changed, expiring leases",
 		    ifp->name);
 		dhcpcd_drop(ifp, 0);
 	}
@@ -2009,6 +2011,7 @@ printpidfile:
 #endif
 
 	logdebugx(PACKAGE "-" VERSION " starting");
+	freopen(_PATH_DEVNULL, "r", stdin);
 
 #ifdef PRIVSEP
 	if (ps_init(&ctx) == -1 && errno != 0) {
diff --git a/src/privsep.c b/src/privsep.c
index 57b76b82..8fe7256a 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -47,7 +47,7 @@
 #include <pwd.h>
 #include <errno.h>
 #include <fcntl.h>
-#include <grp.h>
+#include <paths.h>
 #include <stddef.h>	/* For offsetof, struct padding debug */
 #include <signal.h>
 #include <stdlib.h>
@@ -196,10 +196,8 @@ ps_dostart(struct dhcpcd_ctx *ctx,
 	if (callback(recv_ctx) == -1)
 		goto errexit;
 
-#if 0
-	/* XXX Why does this cause processes to exit? */
-	close_std();
-#endif
+	freopen(_PATH_DEVNULL, "w", stdout);
+	freopen(_PATH_DEVNULL, "w", stderr);
 
 	if (pw == NULL)
 		return 0;
@@ -217,8 +215,8 @@ ps_dostart(struct dhcpcd_ctx *ctx,
 
 dropprivs:
 	if (setgroups(1, &pw->pw_gid) == -1 ||
-	     setgid(pw->pw_gid) == -1 ||
-	     setuid(pw->pw_uid) == -1)
+	    setgid(pw->pw_gid) == -1 ||
+	    setuid(pw->pw_uid) == -1)
 		logerr("failed to drop privileges");
 
 	return 0;