From 87bbb85674277f43cb219223303c2e76f92c48dd Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=A9mie=20Galarneau?= Date: Wed, 15 May 2019 11:37:55 -0400 Subject: [PATCH] Fix: double close of directory fd in runas worker MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The run-as worker implements its mkdirat and mkdirat_recursive commands on top of the lttng_directory_handle interface. When a directory handle is created from a directory file descriptor, it assumes the ownership of this file descriptor and it will release it when lttng_directory_handle_fini() is invoked. The runas worker's post-command clean-up closes any file descriptor received from its client. The command structure's `fd` is set to `-1` in order to make the received file descriptor invalid and prevent the double-close. Signed-off-by: Jérémie Galarneau --- src/common/runas.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/common/runas.c b/src/common/runas.c index c77f198c4..45aad109a 100644 --- a/src/common/runas.c +++ b/src/common/runas.c @@ -199,6 +199,8 @@ int _mkdirat_recursive(struct run_as_data *data, struct run_as_ret *ret_value) mode = data->u.mkdirat.mode; (void) lttng_directory_handle_init_from_dirfd(&handle, data->fd); + /* Ownership of dirfd is transferred to the handle. */ + data->fd = -1; /* Safe to call as we have transitioned to the requested uid/gid. */ ret_value->u.mkdirat.ret = lttng_directory_handle_create_subdirectory_recursive( @@ -220,6 +222,8 @@ int _mkdirat(struct run_as_data *data, struct run_as_ret *ret_value) mode = data->u.mkdirat.mode; (void) lttng_directory_handle_init_from_dirfd(&handle, data->fd); + /* Ownership of dirfd is transferred to the handle. */ + data->fd = -1; /* Safe to call as we have transitioned to the requested uid/gid. */ ret_value->u.mkdirat.ret = lttng_directory_handle_create_subdirectory( -- 2.34.1