From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 21 Feb 2017 16:57:55 +0000 (+0100)
Subject: log: never log into foreign fd #2 in PID 1 or its pre-execve() children
X-Git-Tag: v233~52^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=48a601fe;p=thirdparty%2Fsystemd.git

log: never log into foreign fd #2 in PID 1 or its pre-execve() children

Fixes: #5401
---

diff --git a/src/basic/log.c b/src/basic/log.c
index e6d2d61d72b..36efc9ac7d8 100644
--- a/src/basic/log.c
+++ b/src/basic/log.c
@@ -72,6 +72,7 @@ static bool show_color = false;
 static bool show_location = false;
 
 static bool upgrade_syslog_to_journal = false;
+static bool always_reopen_console = false;
 
 /* Akin to glibc's __abort_msg; which is private and we hence cannot
  * use here. */
@@ -95,7 +96,7 @@ static int log_open_console(void) {
         if (console_fd >= 0)
                 return 0;
 
-        if (getpid() == 1) {
+        if (always_reopen_console) {
                 console_fd = open_terminal("/dev/console", O_WRONLY|O_NOCTTY|O_CLOEXEC);
                 if (console_fd < 0)
                         return console_fd;
@@ -1171,3 +1172,7 @@ int log_syntax_internal(
                         unit_fmt, unit,
                         NULL);
 }
+
+void log_set_always_reopen_console(bool b) {
+        always_reopen_console = b;
+}
diff --git a/src/basic/log.h b/src/basic/log.h
index 9cacbb6b70f..72714e02e56 100644
--- a/src/basic/log.h
+++ b/src/basic/log.h
@@ -220,6 +220,7 @@ LogTarget log_target_from_string(const char *s) _pure_;
 void log_received_signal(int level, const struct signalfd_siginfo *si);
 
 void log_set_upgrade_syslog_to_journal(bool b);
+void log_set_always_reopen_console(bool b);
 
 int log_syntax_internal(
                 const char *unit,
diff --git a/src/core/main.c b/src/core/main.c
index 3c6b18229c8..bcf9ea5f25a 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1414,10 +1414,17 @@ int main(int argc, char *argv[]) {
 
         log_set_upgrade_syslog_to_journal(true);
 
-        /* Disable the umask logic */
-        if (getpid() == 1)
+        if (getpid() == 1) {
+                /* Disable the umask logic */
                 umask(0);
 
+                /* Always reopen /dev/console when running as PID 1 or one of its pre-execve() children. This is
+                 * important so that we never end up logging to any foreign stderr, for example if we have to log in a
+                 * child process right before execve()'ing the actual binary, at a point in time where socket
+                 * activation stderr/stdout area already set up. */
+                log_set_always_reopen_console(true);
+        }
+
         if (getpid() == 1 && detect_container() <= 0) {
 
                 /* Running outside of a container as PID 1 */