From patchwork Tue Jan  4 00:15:17 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Samuel Thibault <samuel.thibault@ens-lyon.org>
X-Patchwork-Id: 49499
Return-Path: <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id 6C5FF3858432
	for <patchwork@sourceware.org>; Tue,  4 Jan 2022 00:15:37 +0000 (GMT)
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from hera.aquilenet.fr (hera.aquilenet.fr [IPv6:2a0c:e300::1])
 by sourceware.org (Postfix) with ESMTPS id A32003858C27
 for <libc-alpha@sourceware.org>; Tue,  4 Jan 2022 00:15:23 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org A32003858C27
Authentication-Results: sourceware.org;
 dmarc=none (p=none dis=none) header.from=ens-lyon.org
Authentication-Results: sourceware.org; spf=fail smtp.mailfrom=ens-lyon.org
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id 5081C3E5;
 Tue,  4 Jan 2022 01:15:21 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RuAIkjWuPkLZ; Tue,  4 Jan 2022 01:15:20 +0100 (CET)
Received: from begin (unknown [IPv6:2a01:cb19:956:1b00:de41:a9ff:fe47:ec49])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id 996C4120;
 Tue,  4 Jan 2022 01:15:20 +0100 (CET)
Received: from samy by begin with local (Exim 4.95)
 (envelope-from <samuel.thibault@ens-lyon.org>) id 1n4XTz-00G5sM-Ql;
 Tue, 04 Jan 2022 01:15:19 +0100
From: Samuel Thibault <samuel.thibault@ens-lyon.org>
To: libc-alpha@sourceware.org
Subject: [hurd,commited] hurd: Fix auth port leak
Date: Tue,  4 Jan 2022 01:15:17 +0100
Message-Id: <20220104001517.3835827-1-samuel.thibault@ens-lyon.org>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
X-Spamd-Bar: ++++
X-Rspamd-Server: hera
Authentication-Results: hera.aquilenet.fr;
	none
X-Rspamd-Queue-Id: 5081C3E5
X-Spamd-Result: default: False [4.90 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3]; TO_DN_SOME(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain];
 R_MISSING_CHARSET(2.50)[]; BROKEN_CONTENT_TYPE(1.50)[];
 RCVD_COUNT_THREE(0.00)[3]; MID_CONTAINS_FROM(1.00)[];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_TLS_LAST(0.00)[]
X-Spam-Status: No, score=-11.7 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 JMQ_SPF_NEUTRAL, KAM_DMARC_STATUS, SPF_HELO_PASS, SPF_NEUTRAL,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
Cc: commit-hurd@gnu.org
Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org
Sender: "Libc-alpha"
 <libc-alpha-bounces+patchwork=sourceware.org@sourceware.org>

If access() was used before exec, _hurd_id.rid_auth would cache an
"effective" auth port.  We do not want this to leak into the executed
program.
---
 hurd/hurdexec.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/hurd/hurdexec.c b/hurd/hurdexec.c
index 3dc61431d5..5b27f1861b 100644
--- a/hurd/hurdexec.c
+++ b/hurd/hurdexec.c
@@ -229,6 +229,14 @@ retry:
      reflects that our whole ID set differs from what we've set it to.  */
   __mutex_lock (&_hurd_id.lock);
   err = _hurd_check_ids ();
+
+  /* Avoid leaking the rid_auth port reference to the new progam */
+  if (_hurd_id.rid_auth != MACH_PORT_NULL)
+    {
+      __mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
+      _hurd_id.rid_auth = MACH_PORT_NULL;
+    }
+
   if (err == 0 && ((_hurd_id.aux.nuids >= 2 && _hurd_id.gen.nuids >= 1
 		    && _hurd_id.aux.uids[1] != _hurd_id.gen.uids[0])
 		   || (_hurd_id.aux.ngids >= 2 && _hurd_id.gen.ngids >= 1
@@ -244,11 +252,6 @@ retry:
       _hurd_id.aux.uids[1] = _hurd_id.gen.uids[0];
       _hurd_id.aux.gids[1] = _hurd_id.gen.gids[0];
       _hurd_id.valid = 0;
-      if (_hurd_id.rid_auth != MACH_PORT_NULL)
-	{
-	  __mach_port_deallocate (__mach_task_self (), _hurd_id.rid_auth);
-	  _hurd_id.rid_auth = MACH_PORT_NULL;
-	}
 
       err = __auth_makeauth (ports[INIT_PORT_AUTH],
 			     NULL, MACH_MSG_TYPE_COPY_SEND, 0,