From: Tobias Stoeckmann Date: Sat, 20 Dec 2025 16:46:18 +0000 (+0000) Subject: newgrp, sg: Open audit socket after check_fds X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff555732f8fd53e2d9b71ab03280260434736eaa;p=thirdparty%2Fshadow.git newgrp, sg: Open audit socket after check_fds The check_fds function is supposed to ensure that fds 0, 1, and 2 are opened in a well-defined state, i.e. either they are already connected to supposed input/output files or will be connected to /dev/null if not. Opening the audit socket before checking the fds allows the audit socket to get one of these numbers. Avoid this by opening the audit socket after the check. In general, this check is already covered by system libraries, but this proof of concept works for root user. Note the different states of the file descriptor 2. In bash or another shell that interprets `2>&-` as closing stderr with shadow + audit support, e.g. Arch Linux: ``` sg bin 'ls -l /proc/self/fd' sg bin 'ls -l /proc/self/fd' 2>/dev/null sg bin 'ls -l /proc/self/fd' 2>&- ``` Signed-off-by: Tobias Stoeckmann --- diff --git a/src/newgrp.c b/src/newgrp.c index 77e57be50..055da7d30 100644 --- a/src/newgrp.c +++ b/src/newgrp.c @@ -387,10 +387,6 @@ int main (int argc, char **argv) struct sgrp *sgrp; #endif -#ifdef WITH_AUDIT - audit_help_open (); -#endif - check_fds (); (void) setlocale (LC_ALL, ""); @@ -432,6 +428,9 @@ int main (int argc, char **argv) log_set_progname(Prog); log_set_logfd(stderr); OPENLOG (Prog); +#ifdef WITH_AUDIT + audit_help_open (); +#endif argc--; argv++;