Diffstat (limited to 'sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch')
-rw-r--r--sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch120
1 files changed, 120 insertions, 0 deletions
diff --git a/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch b/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch
new file mode 100644
index 000000000000..87db57afb9eb
--- /dev/null
+++ b/sys-apps/man-db/files/man-db-2.8.0-refactor_drop_privs.patch
@@ -0,0 +1,120 @@
+From 24624eaf853158856b8fd0a6f78c873475a16686 Mon Sep 17 00:00:00 2001
+From: Colin Watson <cjwatson@debian.org>
+Date: Wed, 7 Feb 2018 12:23:15 +0000
+Subject: Refactor do_system_drop_privs
+
+Now that we have pipecmd_pre_exec, this can be simplified quite a bit.
+
+* lib/security.c (drop_privs): New function.
+(do_system_drop_privs_child, do_system_drop_privs): Remove.
+* lib/security.h (drop_privs): Add prototype.
+(do_system_drop_privs): Remove prototype.
+* src/man.c (make_browser): Add drop_privs pre-exec hook to browser
+command.
+(format_display): Call browser using pipeline_run rather than
+do_system_drop_privs, since it now has a pre-exec hook to drop
+privileges.
+---
+ lib/security.c | 37 +++----------------------------------
+ lib/security.h | 2 +-
+ src/man.c | 7 +++++--
+ 3 files changed, 9 insertions(+), 37 deletions(-)
+
+diff --git a/lib/security.c b/lib/security.c
+index 6e84de8..c9b365d 100644
+--- a/lib/security.c
++++ b/lib/security.c
+@@ -158,42 +158,11 @@ void regain_effective_privs (void)
+ #endif /* MAN_OWNER */
+ }
+
+-#ifdef MAN_OWNER
+-void do_system_drop_privs_child (void *data)
++/* Pipeline command pre-exec hook to permanently drop privileges. */
++void drop_privs (void *data ATTRIBUTE_UNUSED)
+ {
+- pipeline *p = data;
+-
++#ifdef MAN_OWNER
+ if (idpriv_drop ())
+ gripe_set_euid ();
+- exit (pipeline_run (p));
+-}
+-#endif /* MAN_OWNER */
+-
+-/* The safest way to execute a pipeline with no effective privileges is to
+- * fork, permanently drop privileges in the child, run the pipeline from the
+- * child, and wait for it to die.
+- *
+- * It is possible to use saved IDs to avoid the fork, since effective IDs
+- * are copied to saved IDs on execve; we used to do this. However, forking
+- * is not expensive enough to justify the extra code.
+- *
+- * Note that this frees the supplied pipeline.
+- */
+-int do_system_drop_privs (pipeline *p)
+-{
+-#ifdef MAN_OWNER
+- pipecmd *child_cmd;
+- pipeline *child;
+- int status;
+-
+- child_cmd = pipecmd_new_function ("unprivileged child",
+- do_system_drop_privs_child, NULL, p);
+- child = pipeline_new_commands (child_cmd, NULL);
+- status = pipeline_run (child);
+-
+- pipeline_free (p);
+- return status;
+-#else /* !MAN_OWNER */
+- return pipeline_run (p);
+ #endif /* MAN_OWNER */
+ }
+diff --git a/lib/security.h b/lib/security.h
+index 7545502..851127d 100644
+--- a/lib/security.h
++++ b/lib/security.h
+@@ -27,7 +27,7 @@
+ /* security.c */
+ extern void drop_effective_privs (void);
+ extern void regain_effective_privs (void);
+-extern int do_system_drop_privs (struct pipeline *p);
++extern void drop_privs (void *data);
+ extern void init_security (void);
+ extern int running_setuid (void);
+ extern struct passwd *get_man_owner (void);
+diff --git a/src/man.c b/src/man.c
+index 959d6cc..ff7ebc7 100644
+--- a/src/man.c
++++ b/src/man.c
+@@ -1481,6 +1481,7 @@ static pipeline *make_roff_command (const char *dir, const char *file,
+ static pipeline *make_browser (const char *pattern, const char *file)
+ {
+ pipeline *p;
++ pipecmd *cmd;
+ char *browser = xmalloc (1);
+ int found_percent_s = 0;
+ char *percent;
+@@ -1526,7 +1527,9 @@ static pipeline *make_browser (const char *pattern, const char *file)
+ free (esc_file);
+ }
+
+- p = pipeline_new_command_args ("/bin/sh", "-c", browser, NULL);
++ cmd = pipecmd_new_args ("/bin/sh", "-c", browser, NULL);
++ pipecmd_pre_exec (cmd, drop_privs, NULL, NULL);
++ p = pipeline_new_commands (cmd, NULL);
+ pipeline_ignore_signals (p, 1);
+ free (browser);
+
+@@ -2021,7 +2024,7 @@ static void format_display (pipeline *decomp,
+ pipeline *browser;
+ debug ("Trying browser: %s\n", candidate);
+ browser = make_browser (candidate, htmlfile);
+- disp_status = do_system_drop_privs (browser);
++ disp_status = pipeline_run (browser);
+ if (!disp_status)
+ break;
+ }
+--
+cgit v1.0-41-gc330
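Review bot: In the lib/security.c section, `drop_privs` is only safe if `gripe_set_euid ()` never returns when `idpriv_drop ()` fails, and nothing visible in the patch states or enforces that. If it did return, the hook would fall through and `/bin/sh -c browser` would presumably be exec'd with the privileges still held. The removed code had the same dependency, but it is worth recording now that the hook is the only barrier, e.g. `/* gripe_set_euid () must not return: a failed drop has to abort before exec. */` above the call. The new one-line comment also drops the old explanation that the drop is permanent and belongs in a forked child, so I would add `/* Pre-exec hook only: drops privileges permanently; never call from the parent process. */` beside the prototype in lib/security.h. Because `format_display` now calls plain `pipeline_run (browser)`, the drop depends on `make_browser` attaching the hook, which deserves a short comment at the `pipecmd_pre_exec` call.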
+