Aggressive fd close before hitting the jail

2020-11-18 19:53:51 -08:00 · 2013-06-11 03:06:41 -04:00 · 2013-06-11 03:06:41 -04:00 · 31b5c08472
commit 31b5c08472
parent 79417f1619
2 changed files with 27 additions and 5 deletions
--- a/log.c
+++ b/log.c
@ -54,7 +54,7 @@ log_open(int level, const char *path)
 		if (log_file == NULL)
 			return;
 	} else {
-		log_file = stderr;
+		log_file = fdopen(dup(STDERR_FILENO), "a");
 	}

 	log_level = level;
--- a/tmate-slave.c
+++ b/tmate-slave.c
@ -8,6 +8,7 @@ struct tmate_encoder *tmate_encoder;
 int tmux_socket_fd;
 const char *tmate_session_token;

+extern FILE *log_file;
 extern int server_create_socket(void);
 extern int client_connect(char *path, int start_server);

@ -118,6 +119,21 @@ static void ssh_echo(struct tmate_ssh_client *ssh_client,
 "  Nico"							 "\r\n" \
 "  "								 "\r\n"

+static void close_fds_except(int *fd_to_preserve, int num_fds)
+{
+	int fd, i, preserve;
+
+	for (fd = 0; fd < 1024; fd++) {
+		preserve = 0;
+		for (i = 0; i < num_fds; i++)
+			if (fd_to_preserve[i] == fd)
+				preserve = 1;
+
+		if (!preserve)
+			close(fd);
+	}
+}
+
 static void tmate_spawn_slave_server(struct tmate_ssh_client *client)
 {
 	char *token;
@ -134,6 +150,9 @@ static void tmate_spawn_slave_server(struct tmate_ssh_client *client)
 	if (tmux_socket_fd < 0)
 		tmate_fatal("Cannot create to the tmux socket");

+	close_fds_except((int[]){tmux_socket_fd, ssh_get_fd(client->session),
+				 fileno(log_file)}, 7);
+
 	ev_base = osdep_event_init();

 	tmate_encoder_init(&encoder);
@ -162,8 +181,6 @@ static void tmate_spawn_slave_client(struct tmate_ssh_client *client)

 	tmate_debug("Spawn tmux slave client %s", tmate_session_token);

-	ev_base = osdep_event_init();
-
 	tmux_socket_fd = client_connect(socket_path, 0);
 	if (tmux_socket_fd < 0) {
 		random_sleep(); /* for timing attacks */
@ -176,8 +193,13 @@ static void tmate_spawn_slave_client(struct tmate_ssh_client *client)

 	dup2(slave_pty, STDIN_FILENO);
 	dup2(slave_pty, STDOUT_FILENO);
-	stderr = stdout;
-	close(slave_pty);
+	dup2(slave_pty, STDERR_FILENO);
+
+	close_fds_except((int[]){STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO,
+				 tmux_socket_fd, ssh_get_fd(client->session),
+				 client->pty, fileno(log_file)}, 7);
+
+	ev_base = osdep_event_init();

 	tmate_ssh_client_pty_init(client);