util: don't leak file descriprots to third-party tools

https://github.com/containers/container-selinux/issues/68 Cc: Adrian Reber <areber@redhat.com> Signed-off-by: Andrei Vagin <avagin@gmail.com>

util: don't leak file descriprots to third-party tools
https://github.com/containers/container-selinux/issues/68 Cc: Adrian Reber <areber@redhat.com> Signed-off-by: Andrei Vagin <avagin@gmail.com>
6c8ea604 · Andrei Vagin · b548ed94 · 6c8ea604 · 6c8ea604
Commit 6c8ea604 authored Apr 06, 2019 by Andrei Vagin
Show whitespace changes
Inline Side-by-side

Showing with 35 additions and 5 deletions

filesystems.c criu/filesystems.c +2 -5

util.c criu/util.c +33 -0

No files found.
--- a/criu/filesystems.c
+++ b/criu/filesystems.c
@@ -382,7 +382,6 @@ int collect_binfmt_misc(void)
 static int tmpfs_dump(struct mount_info *pm)
 {
 	int ret = -1, fd = -1, userns_pid = -1;
-	char tmpfs_path[PSFDS];
 	struct cr_img *img;
 	int tmp_fds[3], ntmp_fds = 0, i;
@@ -417,12 +416,10 @@ static int tmpfs_dump(struct mount_info *pm)
 	if (!img)
 		goto out;
-	sprintf(tmpfs_path, "/proc/self/fd/%d", fd);
 	if (root_ns_mask & CLONE_NEWUSER)
 		userns_pid = root_item->pid->real;
-	ret = cr_system_userns(-1, img_raw_fd(img), -1, "tar", (char *[])
+	ret = cr_system_userns(fd, img_raw_fd(img), -1, "tar", (char *[])
 			{ "tar", "--create",
 			"--gzip",
 			"--no-unquote",
@@ -432,7 +429,7 @@ static int tmpfs_dump(struct mount_info *pm)
 			"--preserve-permissions",
 			"--sparse",
 			"--numeric-owner",
-			"--directory", tmpfs_path, ".", NULL }, 0, userns_pid);
+			"--directory", "/proc/self/fd/0", ".", NULL }, 0, userns_pid);
 	if (ret)
 		pr_err("Can't dump tmpfs content\n");

--- a/criu/util.c
+++ b/criu/util.c
@@ -493,6 +493,37 @@ int cr_system(int in, int out, int err, char *cmd, char *const argv[], unsigned
 	return cr_system_userns(in, out, err, cmd, argv, flags, -1);
 }
+static int close_fds(int minfd)
+{
+	DIR *dir;
+	struct dirent *de;
+	int fd, ret, dfd;
+	dir = opendir("/proc/self/fd");
+	if (dir == NULL)
+		pr_perror("Can't open /proc/self/fd");
+	dfd = dirfd(dir);
+	while ((de = readdir(dir))) {
+		if (dir_dots(de))
+			continue;
+		ret = sscanf(de->d_name, "%d", &fd);
+		if (ret != 1) {
+			pr_err("Can't parse %s\n", de->d_name);
+			return -1;
+		}
+		if (dfd == fd)
+			continue;
+		if (fd < minfd)
+			continue;
+		close(fd);
+	}
+	closedir(dir);
+	return 0;
+}
 int cr_system_userns(int in, int out, int err, char *cmd,
 			char *const argv[], unsigned flags, int userns_pid)
 {
@@ -556,6 +587,8 @@ int cr_system_userns(int in, int out, int err, char *cmd,
 		if (reopen_fd_as_nocheck(STDERR_FILENO, err))
 			goto out_chld;
+		close_fds(STDERR_FILENO + 1);
 		execvp(cmd, argv);
 		pr_perror("exec(%s, ...) failed", cmd);