- dtucker@cvs.openbsd.org 2009/11/10 04:30:45

     [sshconnect2.c channels.c sshconnect.c]
     Set close-on-exec on various descriptors so they don't get leaked to
     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.

4 files changed, 22 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index 604b5d773..a2cee09d5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -47,6 +47,10 @@
      [sshd_config.5]
      clarify that StrictModes does not apply to ChrootDirectory. Permissions
      and ownership are always checked when chrooting. bz#1532
+   - dtucker@cvs.openbsd.org 2009/11/10 04:30:45
+     [sshconnect2.c channels.c sshconnect.c]
+     Set close-on-exec on various descriptors so they don't get leaked to
+     child processes.  bz #1643, patch from jchadima at redhat, ok deraadt.
 
 20091226
  - (tim) [contrib/cygwin/Makefile] Install ssh-copy-id and ssh-copy-id.1
diff --git a/channels.c b/channels.c
index 884c14c99..eb0c61d8b 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.297 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: channels.c,v 1.298 2009/11/10 04:30:44 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,6 +53,7 @@
 #include <arpa/inet.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -231,7 +232,12 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
         channel_max_fd = MAX(channel_max_fd, wfd);
         channel_max_fd = MAX(channel_max_fd, efd);
 
-        /* XXX set close-on-exec -markus */
+        if (rfd != -1)
+                fcntl(rfd, F_SETFD, FD_CLOEXEC);
+        if (wfd != -1 && wfd != rfd)
+                fcntl(wfd, F_SETFD, FD_CLOEXEC);
+        if (efd != -1 && efd != rfd && efd != wfd)
+                fcntl(efd, F_SETFD, FD_CLOEXEC);
 
         c->rfd = rfd;
         c->wfd = wfd;
diff --git a/sshconnect.c b/sshconnect.c
index a09026e65..3c8308ffb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.215 2009/10/28 16:38:18 reyk Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.216 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -28,6 +28,7 @@
 
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 #include <paths.h>
@@ -192,8 +193,11 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
         }
         sock = socket_rdomain(ai->ai_family, ai->ai_socktype, ai->ai_protocol,
             options.rdomain);
-        if (sock < 0)
+        if (sock < 0) {
                 error("socket: %.100s", strerror(errno));
+                return -1;
+        }
+        fcntl(sock, F_SETFD, FD_CLOEXEC);
 
         /* Bind the socket to an alternative local IP address */
         if (options.bind_address == NULL)
diff --git a/sshconnect2.c b/sshconnect2.c
index 937bb773d..299d4f4e3 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.174 2009/11/10 04:30:45 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Damien Miller.  All rights reserved.
@@ -32,6 +32,7 @@
 #include <sys/stat.h>
 
 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <signal.h>
@@ -1527,6 +1528,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
                 return -1;
         }
         if (pid == 0) {
+                /* keep the socket on exec */
+                fcntl(packet_get_connection_in(), F_SETFD, 0);
                 permanently_drop_suid(getuid());
                 close(from[0]);
                 if (dup2(from[1], STDOUT_FILENO) < 0)