v/tmate-ssh-server
1
0
Fork 0
mirror of https://github.com/tmate-io/tmate-ssh-server.git synced 2020-11-18 19:53:51 -08:00
Code Issues Releases Wiki Activity

Aggressive fd close before hitting the jail

Browse Source
This commit is contained in:
Nicolas Viennot 2013-06-11 03:06:41 -04:00
parent 79417f1619
commit 31b5c08472
2 changed files with 27 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
log.c
View File

@ -54,7 +54,7 @@ log_open(int level, const char *path)
if (log_file == NULL) if (log_file == NULL)
return; return;
} else { } else {
log_file = stderr; log_file = fdopen(dup(STDERR_FILENO), "a");
} }
log_level = level; log_level = level;

30
tmate-slave.c
View File

@ -8,6 +8,7 @@ struct tmate_encoder *tmate_encoder;
int tmux_socket_fd; int tmux_socket_fd;
const char *tmate_session_token; const char *tmate_session_token;
extern FILE *log_file;
extern int server_create_socket(void); extern int server_create_socket(void);
extern int client_connect(char *path, int start_server); extern int client_connect(char *path, int start_server);
@ -118,6 +119,21 @@ static void ssh_echo(struct tmate_ssh_client *ssh_client,
" Nico" "\r\n" \ " Nico" "\r\n" \
" " "\r\n" " " "\r\n"
static void close_fds_except(int *fd_to_preserve, int num_fds)
{
int fd, i, preserve;
for (fd = 0; fd < 1024; fd++) {
preserve = 0;
for (i = 0; i < num_fds; i++)
if (fd_to_preserve[i] == fd)
preserve = 1;
if (!preserve)
close(fd);
}
}
static void tmate_spawn_slave_server(struct tmate_ssh_client *client) static void tmate_spawn_slave_server(struct tmate_ssh_client *client)
{ {
char *token; char *token;
@ -134,6 +150,9 @@ static void tmate_spawn_slave_server(struct tmate_ssh_client *client)
if (tmux_socket_fd < 0) if (tmux_socket_fd < 0)
tmate_fatal("Cannot create to the tmux socket"); tmate_fatal("Cannot create to the tmux socket");
close_fds_except((int[]){tmux_socket_fd, ssh_get_fd(client->session),
fileno(log_file)}, 7);
ev_base = osdep_event_init(); ev_base = osdep_event_init();
tmate_encoder_init(&encoder); tmate_encoder_init(&encoder);
@ -162,8 +181,6 @@ static void tmate_spawn_slave_client(struct tmate_ssh_client *client)
tmate_debug("Spawn tmux slave client %s", tmate_session_token); tmate_debug("Spawn tmux slave client %s", tmate_session_token);
ev_base = osdep_event_init();
tmux_socket_fd = client_connect(socket_path, 0); tmux_socket_fd = client_connect(socket_path, 0);
if (tmux_socket_fd < 0) { if (tmux_socket_fd < 0) {
random_sleep(); /* for timing attacks */ random_sleep(); /* for timing attacks */
@ -176,8 +193,13 @@ static void tmate_spawn_slave_client(struct tmate_ssh_client *client)
dup2(slave_pty, STDIN_FILENO); dup2(slave_pty, STDIN_FILENO);
dup2(slave_pty, STDOUT_FILENO); dup2(slave_pty, STDOUT_FILENO);
stderr = stdout; dup2(slave_pty, STDERR_FILENO);
close(slave_pty);
close_fds_except((int[]){STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO,
tmux_socket_fd, ssh_get_fd(client->session),
client->pty, fileno(log_file)}, 7);
ev_base = osdep_event_init();
tmate_ssh_client_pty_init(client); tmate_ssh_client_pty_init(client);