[Pommed-commits] [SCM] pommed - hotkeys handler for Apple laptops branch, master, updated. 1.33-2-g765e6f0

Julien BLACHE jb at jblache.org
Tue Jun 29 18:02:24 UTC 2010


The following commit has been merged in the master branch:
commit 765e6f04f7f2a1f9a0cf9d17e7b0ca19edeb19c5
Author: Julien BLACHE <jb at jblache.org>
Date:   Tue Jun 29 20:00:47 2010 +0200

    Be more careful when invoking eject (Alioth #312213)
    
    Close open file descriptors and clear the environment. Result of a security
    audit by Sebastian Krahmer, reported to the Alioth bug tracker by Lars Vogdt.

diff --git a/ChangeLog b/ChangeLog
index 5d6f5f2..f1e2537 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ ChangeLog for pommed
 --------------------
 
 version 1.34:
+	- pommed: be more careful when invoking eject (Alioth #312213).
 
 version 1.33:
 	- pommed: added support for the MacBook6,1 (October 2009).
diff --git a/pommed/cd_eject.c b/pommed/cd_eject.c
index bb1f53e..5205b82 100644
--- a/pommed/cd_eject.c
+++ b/pommed/cd_eject.c
@@ -25,6 +25,7 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <fcntl.h>
+#include <limits.h>
 
 #include <errno.h>
 
@@ -42,6 +43,9 @@
 void
 cd_eject(void)
 {
+  char *eject_argv[3] = { "eject", eject_cfg.device, NULL };
+  char *eject_envp[1] = { NULL };
+  long max_fd;
   int fd;
   int ret;
 
@@ -88,7 +92,15 @@ cd_eject(void)
   ret = fork();
   if (ret == 0) /* exec eject */
     {
-      execl("/usr/bin/eject", "eject", eject_cfg.device, NULL);
+      max_fd = sysconf(_SC_OPEN_MAX);
+
+      if (max_fd > INT_MAX)
+	max_fd = INT_MAX;
+
+      for (fd = 3; fd < max_fd; fd++)
+	close(fd);
+
+      execve("/usr/bin/eject", eject_argv, eject_envp);
 
       logmsg(LOG_ERR, "Could not execute eject: %s", strerror(errno));
       exit(1);
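
Review bot: in the child branch, the result of "max_fd = sysconf(_SC_OPEN_MAX);" is not checked for -1, which sysconf() returns on error or when the limit is indeterminate. In that case "fd < max_fd" is false on the first iteration and no descriptor is closed before execve(), so the hardening silently does nothing. Suggest falling back to a fixed bound when max_fd is negative. The INT_MAX clamp only protects the int loop counter: with a very high descriptor limit the loop still issues one close() per possible descriptor, so a lower cap, or closing only the descriptors that are actually open, would be cheaper.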

-- 
pommed - hotkeys handler for Apple laptops


