Bugzilla – Attachment 3551 Details for
Bug 3349
Test sshd in chroot fails when syscall close_range is undefined and openssh is built with glibc 2.34
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
use close_range with fallback
openssh-closefrom-fallback.patch (text/plain), 2.02 KB, created by
Darren Tucker
on 2021-10-08 20:44:19 AEDT
(
hide
)
Description:
use close_range with fallback
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2021-10-08 20:44:19 AEDT
Size:
2.02 KB
patch
obsolete
>diff --git a/configure.ac b/configure.ac >index 3722b151..f1320a9a 100644 >--- a/configure.ac >+++ b/configure.ac >@@ -836,6 +836,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) > dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. > dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE > CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" >+ AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) > AC_DEFINE([PAM_TTY_KLUDGE], [1], > [Work around problematic Linux PAM modules handling of PAM_TTY]) > AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], >@@ -871,8 +872,8 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) > # include <sys/types.h> > #endif > ]) >- AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h], [], >- [], [#include <linux/types.h>]) >+ AC_CHECK_HEADERS([linux/seccomp.h linux/filter.h linux/audit.h \ >+ linux/close_range.h], [], [], [#include <linux/types.h>]) > # Obtain MIPS ABI > case "$host" in > mips*) >@@ -1817,6 +1818,7 @@ AC_CHECK_FUNCS([ \ > cap_rights_limit \ > clock \ > closefrom \ >+ close_range \ > dirfd \ > endgrent \ > err \ >diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c >index 8fadca2d..9837b49d 100644 >--- a/openbsd-compat/bsd-closefrom.c >+++ b/openbsd-compat/bsd-closefrom.c >@@ -16,7 +16,7 @@ > > #include "includes.h" > >-#ifndef HAVE_CLOSEFROM >+#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM) > > #include <sys/types.h> > #include <sys/param.h> >@@ -49,6 +49,9 @@ > #if defined(HAVE_LIBPROC_H) > # include <libproc.h> > #endif >+#if defined(HAVE_LINUX_CLOSE_RANGE_H) >+# include <linux/close_range.h> >+#endif > > #ifndef OPEN_MAX > # define OPEN_MAX 256 >@@ -130,6 +133,11 @@ closefrom(int lowfd) > DIR *dirp; > int len; > >+#ifdef HAVE_CLOSE_RANGE >+ if (close_range(lowfd, INT_MAX, 0) == 0) >+ return; >+#endif >+ > /* Check for a /proc/$$/fd directory. */ > len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); > if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3551">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 3349
:
3548
|
3550
|
3551
|
3552