From 759900403d33baba313ae96d410d3a6807a694cc Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 8 Jul 2019 23:47:15 -0400 Subject: prevent dup2 action for posix_spawn internal pipe fd as reported by Tavian Barnes, a dup2 file action for the internal pipe fd used by posix_spawn could cause it to remain open after execve and allow the child to write an artificial error into it, confusing the parent. POSIX allows internal use of file descriptors by the implementation, with undefined behavior for poking at them, so this is not a conformance problem, but it seems preferable to diagnose and prevent the error when we can do so easily. catch attempts to apply a dup2 action to the internal pipe fd and emulate EBADF for it instead. --- src/process/posix_spawn.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/process/posix_spawn.c b/src/process/posix_spawn.c index 5aaf829d..306faa05 100644 --- a/src/process/posix_spawn.c +++ b/src/process/posix_spawn.c @@ -101,6 +101,10 @@ static int child(void *args_vp) break; case FDOP_DUP2: fd = op->srcfd; + if (fd == p) { + ret = -EBADF; + goto fail; + } if (fd != op->fd) { if ((ret=__sys_dup2(fd, op->fd))<0) goto fail; -- cgit v1.2.1
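Review bot: the new guard in the FDOP_DUP2 case rejects the internal pipe fd only as the source of the dup2 (`if (fd == p)`); nothing in this hunk checks the destination, `op->fd == p`, and the trailing context goes straight to `__sys_dup2(fd, op->fd)`. If that case is not already handled earlier in `child()`, a dup2 onto `p` would silently replace the error pipe and the parent would lose any later failure report, so it is worth confirming in the same change. The check would also benefit from a one-line comment (e.g. `/* pipe fd is internal to posix_spawn; report it as not open */`), since the reason for emulating EBADF currently lives only in the commit message, and the negative `ret` convention matches the surrounding `goto fail` paths.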