Add -z option to s6-tlsc/s6-tlsd to clean TLS env vars before spawning (default)

author: Laurent Bercot <ska-skaware@skarnet.org> 2016-11-26 10:04:40 +0000
committer: Laurent Bercot <ska-skaware@skarnet.org> 2016-11-26 10:04:40 +0000
commit: 08e88c5efc65a6f49da40aa002bc5f4b0ebee49d (patch)
tree: 21a3feb40eb54e5f5152cc8605f4c5e07e85052b /src/sbearssl
parent: 9e6464c5f9d82158d81c027207594b5e12a94ca5 (diff)
download: s6-networking-08e88c5efc65a6f49da40aa002bc5f4b0ebee49d.tar.xz
3 files changed, 5 insertions, 2 deletions
diff --git a/src/sbearssl/deps-lib/sbearssl b/src/sbearssl/deps-lib/sbearssl
index 0b7b02f..4e2d76c 100644
--- a/src/sbearssl/deps-lib/sbearssl
+++ b/src/sbearssl/deps-lib/sbearssl
@@ -31,4 +31,5 @@ sbearssl_ta_to.o
 sbearssl_s6tlsc.o
 sbearssl_s6tlsd.o
 -lbearssl
+-ls6net
 -lskarnet
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index 8bc8f65..5665edc 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -11,6 +11,7 @@
 #include <skalibs/genalloc.h>
 #include <skalibs/djbunix.h>
 #include <skalibs/random.h>
+#include <s6-networking/s6net-utils.h>
 #include <s6-networking/sbearssl.h>
 
 int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
@@ -65,7 +66,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
     br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
     random_finish() ;
 
-    pid = child_spawn2(argv[0], argv, envp, fds) ;
+    pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
     if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
     if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
 
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 35dd18a..3a27e9f 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -11,6 +11,7 @@
 #include <skalibs/genalloc.h>
 #include <skalibs/djbunix.h>
 #include <skalibs/random.h>
+#include <s6-networking/s6net-utils.h>
 #include <s6-networking/sbearssl.h>
 
 int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity)
@@ -90,7 +91,7 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
     br_ssl_engine_inject_entropy(&sc.eng, buf, 32) ;
     random_finish() ;
 
-    pid = child_spawn2(argv[0], argv, envp, fds) ;
+    pid = s6net_clean_tls_and_spawn(argv, envp, fds, !!(preoptions & 2)) ;
     if (!pid) strerr_diefu2sys(111, "spawn ", argv[0]) ;
     if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
     if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
author	Laurent Bercot <ska-skaware@skarnet.org>	2016-11-26 10:04:40 +0000
committer	Laurent Bercot <ska-skaware@skarnet.org>	2016-11-26 10:04:40 +0000
commit	08e88c5efc65a6f49da40aa002bc5f4b0ebee49d (patch)
tree	21a3feb40eb54e5f5152cc8605f4c5e07e85052b /src/sbearssl
parent	9e6464c5f9d82158d81c027207594b5e12a94ca5 (diff)
download	s6-networking-08e88c5efc65a6f49da40aa002bc5f4b0ebee49d.tar.xz