From 0257ca0c6ce27cc8d48323f5fc4f079c7f455b93 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Thu, 29 Jan 2015 11:49:26 +0000
Subject: I changed my mind. Added access control for listing to s6-fdholderd.
---
 src/fdholder/s6-fdholderd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
(limited to 'src')
diff --git a/src/fdholder/s6-fdholderd.c b/src/fdholder/s6-fdholderd.c
index 58eecdc..c5a29e2 100644
--- a/src/fdholder/s6-fdholderd.c
+++ b/src/fdholder/s6-fdholderd.c
@@ -316,6 +316,7 @@ static int do_list (unsigned int cc, unixmessage_t const *m)
 siovec_t *vp = v + 1 ;
 char pack[5] = "" ;
 if (c->dumping || m->len || m->nfds) return (errno = EPROTO, 0) ;
+ if (!(c->flags & 4)) return answer(c, EPERM) ;
 uint32_pack_big(pack + 1, (uint32)numfds) ;
 v[0].s = pack ; v[0].len = 5 ;
 genset_iter(fdstore, &fill_siovec_with_ids_iter, &vp) ;
@@ -554,6 +555,7 @@ static inline int parse_env (char const *const *envp, regex_t *rre, regex_t *wre
 {
 if (str_start(*envp, "S6_FDHOLDER_GETDUMP=")) fl |= 1 ;
 if (str_start(*envp, "S6_FDHOLDER_SETDUMP=")) fl |= 2 ;
+ if (str_start(*envp, "S6_FDHOLDER_LIST=")) fl |= 4 ;
 if (!rre_done)
 {
 rre_done = makere(rre, *envp, "S6_FDHOLDER_RETRIEVE_REGEX") ;
@@ -675,9 +677,9 @@ int main (int argc, char const *const *argv, char const *const *envp)
 strerr_diefu1sys(111, "getrlimit") ;
 if (fdlimit.rlim_cur != RLIM_INFINITY)
 {
- if (fdlimit.rlim_cur < 6)
+ if (fdlimit.rlim_cur < 7)
 strerr_dief1x(111, "open file limit too low") ;
- if (maxfds > fdlimit.rlim_cur) maxfds = fdlimit.rlim_cur - 5 ;
+ if (maxfds > fdlimit.rlim_cur) maxfds = fdlimit.rlim_cur - 6 ;
 }
 }
 if (!maxfds) maxfds = 1 ;
--
cgit v1.2.3
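Review bot: The permission bit in `if (!(c->flags & 4)) return answer(c, EPERM) ;` is a bare literal whose meaning is only established by `fl |= 4` in the parse_env hunk, next to the equally bare 1 and 2 for the dump rights. A shared named constant for each bit (for example `#define FLAG_LIST 4`, name made up for this note) would make an access-control check like this one auditable at the call site and harder to break when another flag is added. The malformed-request test on the line above still returns EPROTO before the permission is consulted, so an unauthorized client only sees EPERM for a well-formed request; a short comment saying that this ordering is intended would help. do_list begins and ends outside the hunk.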
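Review bot: `str_start(*envp, "S6_FDHOLDER_LIST=")` grants the list right on the mere presence of the variable, so a rule that sets it to `0` or to an empty value still enables listing. That matches the GETDUMP and SETDUMP lines above it, but it is worth a comment here such as `/* presence alone grants listing; the value is ignored */`. As far as the do_list hunk shows, listing had no flag check before, so existing rule sets without the variable will now be refused; the commit touches only this .c file, so the documentation for the new variable and for that change of default appears to be missing. The loop in parse_env starts and ends outside the hunk.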
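Review bot: The clamp `if (maxfds > fdlimit.rlim_cur) maxfds = fdlimit.rlim_cur - 6 ;` only fires when maxfds exceeds the whole limit, so a maxfds anywhere from rlim_cur - 5 up to rlim_cur is left untouched and the six descriptors the subtraction apparently reserves for the daemon itself are not kept free. Comparing against the same bound that is assigned closes the gap: `if (maxfds > fdlimit.rlim_cur - 6) maxfds = fdlimit.rlim_cur - 6 ;` (the `< 7` check just above guarantees the subtraction cannot wrap). The 7 and the 6 are also coupled literals; deriving both from one named reserve count would keep them in step the next time the daemon needs another descriptor. main continues outside the hunk.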