[Pommed-commits] [SCM] pommed - hotkeys handler for Apple laptops branch, master, updated. 1.33-2-g765e6f0
Julien BLACHE
jb at jblache.org
Tue Jun 29 18:02:24 UTC 2010
The following commit has been merged in the master branch:
commit 765e6f04f7f2a1f9a0cf9d17e7b0ca19edeb19c5
Author: Julien BLACHE <jb at jblache.org>
Date: Tue Jun 29 20:00:47 2010 +0200
Be more careful when invoking eject (Alioth #312213)
Close open file descriptors and clear the environment. Result of a security
audit by Sebastian Krahmer, reported to the Alioth bug tracker by Lars Vogdt.
diff --git a/ChangeLog b/ChangeLog
index 5d6f5f2..f1e2537 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ ChangeLog for pommed
--------------------
version 1.34:
+ - pommed: be more careful when invoking eject (Alioth #312213).
version 1.33:
- pommed: added support for the MacBook6,1 (October 2009).
diff --git a/pommed/cd_eject.c b/pommed/cd_eject.c
index bb1f53e..5205b82 100644
--- a/pommed/cd_eject.c
+++ b/pommed/cd_eject.c
@@ -25,6 +25,7 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <fcntl.h>
+#include <limits.h>
#include <errno.h>
@@ -42,6 +43,9 @@
void
cd_eject(void)
{
+ char *eject_argv[3] = { "eject", eject_cfg.device, NULL };
+ char *eject_envp[1] = { NULL };
+ long max_fd;
int fd;
int ret;
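Review bot: the empty `eject_envp` in the new declarations has no comment saying the environment is cleared on purpose. With `{ NULL }`, eject starts with no PATH, HOME or locale variables at all, and a one-line comment above the two arrays stating that this is intentional (and references Alioth #312213) would keep a later cleanup from reverting to an inherited environment.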
@@ -88,7 +92,15 @@ cd_eject(void)
ret = fork();
if (ret == 0) /* exec eject */
{
- execl("/usr/bin/eject", "eject", eject_cfg.device, NULL);
+ max_fd = sysconf(_SC_OPEN_MAX);
+
+ if (max_fd > INT_MAX)
+ max_fd = INT_MAX;
+
+ for (fd = 3; fd < max_fd; fd++)
+ close(fd);
+
+ execve("/usr/bin/eject", eject_argv, eject_envp);
logmsg(LOG_ERR, "Could not execute eject: %s", strerror(errno));
exit(1);
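Review bot: the return value of `sysconf(_SC_OPEN_MAX)` is not checked for -1 before the close loop. sysconf returns -1 on error or when the limit is indeterminate, and in that case `for (fd = 3; fd < max_fd; fd++)` never runs, so execve proceeds with every inherited descriptor still open, which is the condition this change is meant to remove. Suggest testing `max_fd < 0` and falling back to a fixed bound. The `INT_MAX` clamp only guards the int conversion; if the reported limit is very large the child will spend a long time in close() calls before exec, so a sane upper cap is worth adding as well. Descriptors 0 to 2 are left as inherited, which is fine if intended but deserves a comment.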
--
pommed - hotkeys handler for Apple laptops