This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "Hurd".
The branch, master has been updated
via a179160d41424813a2cf07ab554180804ae14fdf (commit)
from a8d51bf0ce26fd26e00338540857f43b8a99e126 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit a179160d41424813a2cf07ab554180804ae14fdf
Author: Samuel Thibault <samuel.thiba...@ens-lyon.org>
Date: Sun Jan 2 01:23:27 2022 +0100
Fix leaking auth ports
We need to be extremely careful with auth ports since leaking them into
subprocesses may expose a root-auth port to non-root processes.
Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec
implementation from dropping it. Login is also reimplementing hurdexec
but without all the cloexec logic.
This commit fixes various auth leaks.
-----------------------------------------------------------------------
Summary of changes:
libfshelp/fetch-root.c | 3 +++
libshouldbeinlibc/nullauth.c | 4 +++-
utils/login.c | 28 ++++++++++++++++++++++++----
utils/nonsugid.c | 6 +++---
utils/shd.c | 5 ++++-
utils/x.c | 4 +++-
6 files changed, 40 insertions(+), 10 deletions(-)
hooks/post-receive
--
Hurd
