authorCarsten Haitzler (Rasterman) <raster@rasterman.com>2017-09-23 22:44:17 +0900
committerCarsten Haitzler (Rasterman) <raster@rasterman.com>2017-09-23 22:44:17 +0900
commitd136961e3eeb53fa73a2326dc66c4ccd37b13e75 (patch)
treeb8af952fc3841d3096ba8cbf02100bf21de2e064 /src/lib/ecore
parent17507bab43e18b3a29fb045302de6c4f88fef594 (diff)
ecore exe - add an "isolate io"f lag for sending io to /dev/null
This is useful for security: it denies child processes access to the parent process's stdin, stdout and stderr. @feature
Diffstat (limited to 'src/lib/ecore')
-rw-r--r--src/lib/ecore/ecore_exe.eo3
-rw-r--r--src/lib/ecore/ecore_exe_posix.c70
2 files changed, 54 insertions, 19 deletions
diff --git a/src/lib/ecore/ecore_exe.eo b/src/lib/ecore/ecore_exe.eo
index 78a1da9e03..100f5b35f3 100644
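--- a/src/lib/ecore/ecore_exe.eo
+++ b/src/lib/ecore/ecore_exe.eo
@@ -35,7 +35,8 @@ enum Ecore.Exe_Flags
  respawn = 64, [[FIXME: Exe is restarted if it dies]]
  use_sh = 128, [[Use /bin/sh to run the command.]]
  not_leader = 256, [[Do not use setsid() to have the executed process be its own session leader]]
- term_with_parent = 512 [[Makes child receive SIGTERM when parent dies.]]
+ term_with_parent = 512, [[Makes child receive SIGTERM when parent dies.]]
+ isolate_io = 1024, [[Try and isolate stdin/out and err of the process so it isn't shared with the parent.]]
 }
 
 class Ecore.Exe (Efl.Object, Efl.Control)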
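Review bot: The doc string on `isolate_io` does not say what happens to the streams or how the flag combines with the pipe flags. In ecore_exe_posix.c the dup2 calls for ECORE_EXE_PIPE_ERROR/READ/WRITE sit in the `else` of the ECORE_EXE_ISOLATE_IO check, so setting this flag disables those pipes, and a caller cannot learn that from "Try and isolate ...". I would document it as `[[Redirect stdin, stdout and stderr of the child to /dev/null so they are not shared with the parent. Takes precedence over the pipe flags.]]`. If the flag is meant as a security control, the text should also state whether a failure to isolate aborts the spawn or is ignored.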
diff --git a/src/lib/ecore/ecore_exe_posix.c b/src/lib/ecore/ecore_exe_posix.c
index 2a240a2d01..3cbba20f44 100644
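--- a/src/lib/ecore/ecore_exe_posix.c
+++ b/src/lib/ecore/ecore_exe_posix.c
@@ -317,24 +317,58 @@ _impl_ecore_exe_efl_object_finalize(Eo *obj, Ecore_Exe_Data *exe)
 #warning "Have support for this"
 #endif
  }
- /* dup2 STDERR, STDIN, and STDOUT. dup2() allegedly closes the
- * second pipe if it's open. On the other hand, there was the
- * Great FD Leak Scare of '06, so let's be paranoid. */
- if (ok && (flags & ECORE_EXE_PIPE_ERROR))
- {
- E_NO_ERRNO(result, close(STDERR_FILENO), ok);
- E_NO_ERRNO(result, dup2(errorPipe[1], STDERR_FILENO), ok);
- }
- if (ok && (flags & ECORE_EXE_PIPE_READ))
- {
- E_NO_ERRNO(result, close(STDOUT_FILENO), ok);
- E_NO_ERRNO(result, dup2(readPipe[1], STDOUT_FILENO), ok);
- }
- if (ok && (flags & ECORE_EXE_PIPE_WRITE))
- {
- E_NO_ERRNO(result, close(STDIN_FILENO), ok);
- E_NO_ERRNO(result, dup2(writePipe[0], STDIN_FILENO), ok);
- }
+ if (ok && (flags & ECORE_EXE_ISOLATE_IO))
+ {
+ int devnull;
+
+ /* we want to isolatie the stdin/out/err of the process so
+ * it can't share those of the parent, so close and replace with
+ * /dev/null */
+ devnull = open("/dev/null", O_RDONLY);
+ if (devnull >= 0)
+ {
+ E_NO_ERRNO(result, close(STDIN_FILENO), ok);
+ E_NO_ERRNO(result, dup2(devnull, STDIN_FILENO), ok);
+ E_NO_ERRNO(result, close(devnull), ok);
+ }
+
+ devnull = open("/dev/null", O_WRONLY);
+ if (devnull >= 0)
+ {
+ E_NO_ERRNO(result, close(STDOUT_FILENO), ok);
+ E_NO_ERRNO(result, dup2(devnull, STDOUT_FILENO), ok);
+ E_NO_ERRNO(result, close(devnull), ok);
+ }
+
+ devnull = open("/dev/null", O_WRONLY);
+ if (devnull >= 0)
+ {
+ E_NO_ERRNO(result, close(STDERR_FILENO), ok);
+ E_NO_ERRNO(result, dup2(devnull, STDERR_FILENO), ok);
+ E_NO_ERRNO(result, close(devnull), ok);
+ }
+ }
+ else
+ {
+ /* dup2 STDERR, STDIN, and STDOUT. dup2() allegedly closes the
+ * second pipe if it's open. On the other hand, there was the
+ * Great FD Leak Scare of '06, so let's be paranoid. */
+ if (ok && (flags & ECORE_EXE_PIPE_ERROR))
+ {
+ E_NO_ERRNO(result, close(STDERR_FILENO), ok);
+ E_NO_ERRNO(result, dup2(errorPipe[1], STDERR_FILENO), ok);
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_READ))
+ {
+ E_NO_ERRNO(result, close(STDOUT_FILENO), ok);
+ E_NO_ERRNO(result, dup2(readPipe[1], STDOUT_FILENO), ok);
+ }
+ if (ok && (flags & ECORE_EXE_PIPE_WRITE))
+ {
+ E_NO_ERRNO(result, close(STDIN_FILENO), ok);
+ E_NO_ERRNO(result, dup2(writePipe[0], STDIN_FILENO), ok);
+ }
+ }
 
  if (ok)
  {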
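Review bot: In the ECORE_EXE_ISOLATE_IO branch a failed `open("/dev/null", ...)` is skipped silently: none of the three `if (devnull >= 0)` blocks has an else, `ok` stays set, and the child keeps the parent's descriptor for that stream, so the flag fails open in exactly the case it exists to prevent. Each block should fail closed with `else ok = 0;` (ideally also logging the errno), assuming the `if (ok)` that follows the hunk is what guards the exec. Only descriptors 0 to 2 are replaced here; whether other inherited descriptors are closed before exec is not visible in this hunk and is worth confirming if the flag is documented as a security feature. _impl_ecore_exe_efl_object_finalize starts and ends outside the hunk.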