diff options
| author | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-29 11:49:26 +0000 |
|---|---|---|
| committer | Laurent Bercot <ska-skaware@skarnet.org> | 2015-01-29 11:49:26 +0000 |
| commit | 0257ca0c6ce27cc8d48323f5fc4f079c7f455b93 (patch) | |
| tree | b8c2c4511afbe9cdae35259d777094b9efa6fa50 /src/fdholder/s6-fdholderd.c | |
| parent | f05b37667624eb178a0d856da339d003f7d63b6e (diff) | |
| download | s6-0257ca0c6ce27cc8d48323f5fc4f079c7f455b93.tar.xz | |
I changed my mind. Added access control for listing to s6-fdholderd.
Diffstat (limited to 'src/fdholder/s6-fdholderd.c')
| -rw-r--r-- | src/fdholder/s6-fdholderd.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/fdholder/s6-fdholderd.c b/src/fdholder/s6-fdholderd.c index 58eecdc..c5a29e2 100644 --- a/src/fdholder/s6-fdholderd.c +++ b/src/fdholder/s6-fdholderd.c @@ -316,6 +316,7 @@ static int do_list (unsigned int cc, unixmessage_t const *m) siovec_t *vp = v + 1 ; char pack[5] = "" ; if (c->dumping || m->len || m->nfds) return (errno = EPROTO, 0) ; + if (!(c->flags & 4)) return answer(c, EPERM) ; uint32_pack_big(pack + 1, (uint32)numfds) ; v[0].s = pack ; v[0].len = 5 ; genset_iter(fdstore, &fill_siovec_with_ids_iter, &vp) ; @@ -554,6 +555,7 @@ static inline int parse_env (char const *const *envp, regex_t *rre, regex_t *wre { if (str_start(*envp, "S6_FDHOLDER_GETDUMP=")) fl |= 1 ; if (str_start(*envp, "S6_FDHOLDER_SETDUMP=")) fl |= 2 ; + if (str_start(*envp, "S6_FDHOLDER_LIST=")) fl |= 4 ; if (!rre_done) { rre_done = makere(rre, *envp, "S6_FDHOLDER_RETRIEVE_REGEX") ; @@ -675,9 +677,9 @@ int main (int argc, char const *const *argv, char const *const *envp) strerr_diefu1sys(111, "getrlimit") ; if (fdlimit.rlim_cur != RLIM_INFINITY) { - if (fdlimit.rlim_cur < 6) + if (fdlimit.rlim_cur < 7) strerr_dief1x(111, "open file limit too low") ; - if (maxfds > fdlimit.rlim_cur) maxfds = fdlimit.rlim_cur - 5 ; + if (maxfds > fdlimit.rlim_cur) maxfds = fdlimit.rlim_cur - 6 ; } } if (!maxfds) maxfds = 1 ; |