* Move setuidCleanup() to libutil.
This commit is contained in:
parent
f76fdb6d42
commit
a82d80ddeb
|
@ -1,22 +0,0 @@
|
|||
/* Code shared between libmain and nix-setuid-helper. */
|
||||
|
||||
extern char * * environ;
|
||||
|
||||
|
||||
namespace nix {
|
||||
|
||||
|
||||
void setuidCleanup()
|
||||
{
|
||||
/* Don't trust the environment. */
|
||||
environ = 0;
|
||||
|
||||
/* Make sure that file descriptors 0, 1, 2 are open. */
|
||||
for (int fd = 0; fd <= 2; ++fd) {
|
||||
struct stat st;
|
||||
if (fstat(fd, &st) == -1) abort();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
}
|
|
@ -14,9 +14,6 @@
|
|||
#include <aterm2.h>
|
||||
|
||||
|
||||
#include "setuid-common.hh"
|
||||
|
||||
|
||||
namespace nix {
|
||||
|
||||
|
||||
|
|
|
@ -17,6 +17,9 @@
|
|||
#include "util.hh"
|
||||
|
||||
|
||||
extern char * * environ;
|
||||
|
||||
|
||||
namespace nix {
|
||||
|
||||
|
||||
|
@ -818,6 +821,19 @@ void quickExit(int status)
|
|||
}
|
||||
|
||||
|
||||
void setuidCleanup()
|
||||
{
|
||||
/* Don't trust the environment. */
|
||||
environ = 0;
|
||||
|
||||
/* Make sure that file descriptors 0, 1, 2 are open. */
|
||||
for (int fd = 0; fd <= 2; ++fd) {
|
||||
struct stat st;
|
||||
if (fstat(fd, &st) == -1) abort();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
//////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
||||
|
|
|
@ -237,6 +237,10 @@ string runProgram(Path program);
|
|||
Cygwin, _exit() doesn't seem to do the right thing.) */
|
||||
void quickExit(int status);
|
||||
|
||||
/* Common initialisation for setuid programs: clear the environment,
|
||||
sanitize file handles 0, 1 and 2. */
|
||||
void setuidCleanup();
|
||||
|
||||
|
||||
/* User interruption. */
|
||||
|
||||
|
|
|
@ -12,11 +12,12 @@
|
|||
|
||||
#include "util.hh"
|
||||
|
||||
#include "../libmain/setuid-common.hh"
|
||||
|
||||
using namespace nix;
|
||||
|
||||
|
||||
extern char * * environ;
|
||||
|
||||
|
||||
/* Recursively change the ownership of `path' to user `uidTo' and
|
||||
group `gidTo'. `path' must currently be owned by user `uidFrom',
|
||||
or, if `uidFrom' is -1, by group `gidFrom'. */
|
||||
|
|
Loading…
Reference in a new issue