| 1 |
commit: c01fdd27473a76d1c8b6edb1b9dfb2c29645b1c2 |
| 2 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Feb 22 02:44:06 2018 +0000 |
| 4 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Feb 22 17:30:27 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/proj/portage.git/commit/?id=c01fdd27 |
| 7 |
|
| 8 |
emerge/ebuild: sanitize file descriptors on startup |
| 9 |
|
| 10 |
In order to ensure that any unintentionally inherited file descriptors |
| 11 |
will not be inherited by child processes, set the inheritable flag to |
| 12 |
False on startup, except for those corresponding to stdin, stdout, and |
| 13 |
stderr. This mitigates potential problems that might result from |
| 14 |
making the portage.process.spawn close_fds parameter default to False |
| 15 |
for versions of python with PEP 446 support. |
| 16 |
|
| 17 |
Bug: https://bugs.gentoo.org/648432 |
| 18 |
|
| 19 |
bin/ebuild | 2 ++ |
| 20 |
bin/emerge | 1 + |
| 21 |
pym/portage/process.py | 24 ++++++++++++++++++++++++ |
| 22 |
3 files changed, 27 insertions(+) |
| 23 |
|
| 24 |
diff --git a/bin/ebuild b/bin/ebuild |
| 25 |
index bda746f78..b1ef0573b 100755 |
| 26 |
--- a/bin/ebuild |
| 27 |
+++ b/bin/ebuild |
| 28 |
@@ -58,6 +58,8 @@ import portage.util |
| 29 |
from _emerge.Package import Package |
| 30 |
from _emerge.RootConfig import RootConfig |
| 31 |
|
| 32 |
+portage.process.sanitize_fds() |
| 33 |
+ |
| 34 |
description = "See the ebuild(1) man page for more info" |
| 35 |
usage = "Usage: ebuild <ebuild file> <command> [command] ..." |
| 36 |
parser = argparse.ArgumentParser(description=description, usage=usage) |
| 37 |
|
| 38 |
diff --git a/bin/emerge b/bin/emerge |
| 39 |
index 43cfdcddb..5f08861e5 100755 |
| 40 |
--- a/bin/emerge |
| 41 |
+++ b/bin/emerge |
| 42 |
@@ -46,6 +46,7 @@ try: |
| 43 |
if __name__ == "__main__": |
| 44 |
from portage.exception import IsADirectory, ParseError, \ |
| 45 |
PermissionDenied |
| 46 |
+ portage.process.sanitize_fds() |
| 47 |
try: |
| 48 |
retval = emerge_main() |
| 49 |
except PermissionDenied as e: |
| 50 |
|
| 51 |
diff --git a/pym/portage/process.py b/pym/portage/process.py |
| 52 |
index 4d96f156e..2af783e22 100644 |
| 53 |
--- a/pym/portage/process.py |
| 54 |
+++ b/pym/portage/process.py |
| 55 |
@@ -91,6 +91,30 @@ sandbox_capable = (os.path.isfile(SANDBOX_BINARY) and |
| 56 |
fakeroot_capable = (os.path.isfile(FAKEROOT_BINARY) and |
| 57 |
os.access(FAKEROOT_BINARY, os.X_OK)) |
| 58 |
|
| 59 |
+ |
| 60 |
+def sanitize_fds(): |
| 61 |
+ """ |
| 62 |
+ Set the inheritable flag to False for all open file descriptors, |
| 63 |
+ except for those corresponding to stdin, stdout, and stderr. This |
| 64 |
+ ensures that any unintentionally inherited file descriptors will |
| 65 |
+ not be inherited by child processes. |
| 66 |
+ """ |
| 67 |
+ if _set_inheritable is not None: |
| 68 |
+ |
| 69 |
+ whitelist = frozenset([ |
| 70 |
+ sys.__stdin__.fileno(), |
| 71 |
+ sys.__stdout__.fileno(), |
| 72 |
+ sys.__stderr__.fileno(), |
| 73 |
+ ]) |
| 74 |
+ |
| 75 |
+ for fd in get_open_fds(): |
| 76 |
+ if fd not in whitelist: |
| 77 |
+ try: |
| 78 |
+ _set_inheritable(fd, False) |
| 79 |
+ except OSError: |
| 80 |
+ pass |
| 81 |
+ |
| 82 |
+ |
| 83 |
def spawn_bash(mycommand, debug=False, opt_name=None, **keywords): |
| 84 |
""" |
| 85 |
Spawns a bash shell running a specific commands |
Archives