author | Andreas Kling <awesomekling@gmail.com> | 2020-01-04 12:17:13 +0100 |
---|---|---|
committer | Andreas Kling <awesomekling@gmail.com> | 2020-01-04 12:17:13 +0100 |
commit | 32d0967f5ff3ef49eed7f209f5102e7abdc23292 (patch) | |
tree | cd27e47aef582d4b225667369846ba5795dc1edb /Servers | |
parent | 755938c6501815edbe9a7ce2f68025a3453343cb (diff) | |
SystemServer: Don't let services inherit standard in/out and TTY
We were letting services inherit writable fds for /dev/tty0, as well as
having /dev/tty0 as their controlling terminal.
Lock this down by closing fds {0,1,2} when spawning a service. We also
detach from the controlling terminal. An exception is made for services
with an explicit StdIO setting. In those cases, we now switch the
controlling terminal to the specified path if possible.
Diffstat (limited to 'Servers')
-rw-r--r-- | Servers/SystemServer/Service.cpp | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/Servers/SystemServer/Service.cpp b/Servers/SystemServer/Service.cpp
index f15a277325..a0e81bb20d 100644
--- a/Servers/SystemServer/Service.cpp
+++ b/Servers/SystemServer/Service.cpp
@@ -9,6 +9,7 @@
 #include <pwd.h>
 #include <sched.h>
 #include <stdio.h>
+#include <sys/ioctl.h>
 #include <sys/stat.h>
 #include <unistd.h>
@@ -157,15 +158,26 @@ void Service::spawn()
 }
 if (!m_stdio_file_path.is_null()) {
- close(0);
+ close(STDIN_FILENO);
 int fd = open_with_path_length(m_stdio_file_path.characters(), m_stdio_file_path.length(), O_RDWR, 0);
 ASSERT(fd <= 0);
 if (fd < 0) {
 perror("open");
 ASSERT_NOT_REACHED();
 }
- dup2(0, 1);
- dup2(0, 2);
+ dup2(STDIN_FILENO, STDOUT_FILENO);
+ dup2(STDIN_FILENO, STDERR_FILENO);
+
+ if (isatty(STDIN_FILENO)) {
+ ioctl(STDIN_FILENO, TIOCSCTTY);
+ }
+ } else {
+ if (isatty(STDIN_FILENO)) {
+ ioctl(STDIN_FILENO, TIOCNOTTY);
+ }
+ close(STDIN_FILENO);
+ close(STDOUT_FILENO);
+ close(STDERR_FILENO);
 }
 if (!m_socket_path.is_null()) {
@@ -178,7 +190,7 @@ void Service::spawn()
 if (!m_user.is_null()) {
 if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
- fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
+ dbgprintf("Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
 exit(1);
 }
 } |
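Review bot: In the new `else` branch of the second hunk (`@@ -157,15 +158,26 @@`), closing fds 0-2 and leaving the slots empty means the next descriptors opened in the child or in the exec'd service will land on 0, 1 or 2, so any later write to stdout/stderr (a stray `printf`, `perror`, a library diagnostic) goes into whatever file or socket took that slot. Pointing the three descriptors at `/dev/null` keeps the lockdown while keeping the slots occupied, as sketched below. Separately, the results of both `ioctl()` calls are discarded, so a failed `TIOCNOTTY` leaves the service attached to the terminal without any trace; logging the failure would make that visible. `Service::spawn()` begins and ends outside this hunk, so whether a later step re-populates these descriptors cannot be seen here.

```cpp
    } else {
        // … unchanged: isatty() check and TIOCNOTTY detach …

        // Keep fds 0-2 occupied so a later open()/socket() cannot be handed a
        // standard descriptor number by accident.
        int null_fd = open("/dev/null", O_RDWR);
        if (null_fd < 0) {
            perror("open /dev/null");
            ASSERT_NOT_REACHED();
        }
        dup2(null_fd, STDIN_FILENO);
        dup2(null_fd, STDOUT_FILENO);
        dup2(null_fd, STDERR_FILENO);
        if (null_fd > STDERR_FILENO)
            close(null_fd);
    }
```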
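Review bot: In the third hunk (`@@ -178,7 +190,7 @@`), the privilege drop calls `setgid()` and then `setuid()`, but no `setgroups()` call is visible, so if SystemServer carries supplementary groups the service would presumably keep them after the drop. The rest of `spawn()` is outside the hunk, so this may already be handled elsewhere. If it is not, and where the platform provides the call, resetting the list before `setgid()` (for example `setgroups(0, nullptr)`, or the target user's own group list) would close that gap. The new `dbgprintf` message would also be easier to act on with `strerror(errno)` of the failing call appended.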