
[procd] Fix retriggering of init.d-scripts.

Message ID 18ea7470-f507-6424-b21a-00ac0f5673ba@genexis.eu
State New

Commit Message

Markus Gothe Aug. 28, 2023, 2:12 p.m. UTC
Fix retriggering of init.d-scripts which call
commands dependent on functional STDIN/STDOUT/STDERR.

If we just close these file descriptors those commands
will not work as expected, leading to unwanted
consequences. If we instead redirect the file descriptors
to /dev/null, we will end up with the same end-result and these
commands will work as expected.

Signed-off-by: Markus Gothe <markus.gothe@genexis.eu>
---
  service/trigger.c | 13 ++++++++++---
  1 file changed, 10 insertions(+), 3 deletions(-)

      blobmsg_for_each_attr(cur, cmd->data, rem)

Comments

Henrique de Moraes Holschuh Aug. 30, 2023, 1:12 p.m. UTC | #1
On 28/08/2023 11:12, Markus Gothe wrote:
> Fix retriggering of init.d-scripts which call
> commands dependent on functional STDIN/STDOUT/STDERR.

Yeah, it is no fun when some library decides to become allergic to one 
of FD0-2 being closed, and an O.S. update suddenly exposes this issue. 
Been there, suffered through it, learned from it.

So, this is right up there in the "Just don't do it" list, right after 
calling execve() with NULL for argv[0].  Avoid closed FDs 0-2 at program 
start like the plague: fix it first thing.  Never execve() anything with 
closed FDs 0-2 in the general case.

It is also true for shell scripts: don't close FDs 0-2, redirect them 
to/from /dev/null instead.  Don't repurpose them, either.

Data corruption (due to unexpected writes from just about anything) is a 
possible outcome of running stuff with FDs 0-2 closed or repurposed, 
BTW.  Consider yourself lucky when things just crash or exit with an 
error, instead.

IMHO, if they're not doing it already, ubus and all its helpers, such as 
rpcd, should be defensive about FDs 0-2 and ensure they are always 
properly open (to /dev/null if need be), preferably at program start, 
and certainly when they are about to execve() anything.

PS: I have attached an example of how one could do generic self-healing 
of the standard low FDs in C in a POSIX environment where fcntl() and 
dup2() are available.  Note that FD 2 is expected to be R/W, according 
to the C specification for stdio.h streams.
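
One way to do the self-healing of FDs 0-2 described in the comment above, as an added example that is neither the attachment from the original message nor procd code. The helper name ensure_std_fds, the per-FD open modes and the exit code are assumptions.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * ensure_std_fds() is a hypothetical helper name. It points every closed
 * descriptor in 0-2 at /dev/null and leaves open ones untouched.
 * Returns the number of descriptors repaired, or -1 on failure.
 */
int ensure_std_fds(void)
{
    int repaired = 0;

    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        int flags, nfd;

        /* F_GETFD fails with EBADF only when fd is not an open descriptor. */
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;

        /* Assumed modes: stdin read-only, stdout write-only, stderr R/W. */
        flags = (fd == STDIN_FILENO) ? O_RDONLY :
                (fd == STDOUT_FILENO) ? O_WRONLY : O_RDWR;
        nfd = open("/dev/null", flags);
        if (nfd < 0)
            return -1;

        /* open() returns the lowest free FD, normally fd itself; if another
         * thread raced us, move the descriptor into place with dup2(). */
        if (nfd != fd) {
            int rc = dup2(nfd, fd);
            close(nfd);
            if (rc < 0)
                return -1;
        }
        repaired++;
    }
    return repaired;
}

int main(void)
{
    /* First thing at program start, before any stdio use or execve(). */
    if (ensure_std_fds() < 0)
        _exit(111); /* constructed exit code */
    return 0;
}
```
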

Patch

diff --git a/service/trigger.c b/service/trigger.c
index 4af1474..324d78e 100644
--- a/service/trigger.c
+++ b/service/trigger.c
@@ -118,9 +118,16 @@  static void trigger_command_run(struct runqueue *q, 
struct runqueue_task *t)
      }

      if (debug < 3) {
-        close(STDIN_FILENO);
-        close(STDOUT_FILENO);
-        close(STDERR_FILENO);
+        int devnull = open("/dev/null", O_RDWR);
+
+        if (devnull >= 0) {
+            dup2(devnull, STDIN_FILENO);
+            dup2(devnull, STDOUT_FILENO);
+            dup2(devnull, STDERR_FILENO);
+
+            if (devnull > STDERR_FILENO)
+                close(devnull);
+        }
      }
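
Review bot: the failure path of open("/dev/null", O_RDWR) in the "if (debug < 3)" block is silent. When devnull < 0, FDs 0-2 are neither closed (as the removed lines did) nor redirected, so the process keeps whatever descriptors it inherited. Consider handling that case explicitly, for example by logging it or aborting the command, and checking the three dup2() return values, which are currently ignored. The "devnull > STDERR_FILENO" guard before close() is correct for the case where one of FDs 0-2 was already closed and open() returned it. The diffstat's 10 insertions are all in this hunk, so no include is added: please confirm service/trigger.c already pulls in <fcntl.h> for open() and O_RDWR.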