diff --git a/sys/src/libauth/auth_challenge.c b/sys/src/libauth/auth_challenge.c
index 5ab0ee6a1..63f670b4c 100644
--- a/sys/src/libauth/auth_challenge.c
+++ b/sys/src/libauth/auth_challenge.c
@@ -23,7 +23,7 @@ auth_challenge(char *fmt, ...)
 return nil;
 }
- if((c->afd = open("/mnt/factotum/rpc", ORDWR)) < 0){
+ if((c->afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0){
 Error:
 auth_freechal(c);
 free(p);
diff --git a/sys/src/libauth/auth_chuid.c b/sys/src/libauth/auth_chuid.c
index 300e93f67..6b3819e86 100644
--- a/sys/src/libauth/auth_chuid.c
+++ b/sys/src/libauth/auth_chuid.c
@@ -16,7 +16,7 @@ auth_chuid(AuthInfo *ai, char *ns)
 }
 /* change uid */
- fd = open("#¤/capuse", OWRITE);
+ fd = open("#¤/capuse", OWRITE|OCEXEC);
 if(fd < 0){
 werrstr("opening #¤/capuse: %r");
 return -1;
@@ -29,10 +29,10 @@ auth_chuid(AuthInfo *ai, char *ns)
 }
 /* get a link to factotum as new user */
- fd = open("/srv/factotum", ORDWR);
+ fd = open("/srv/factotum", ORDWR|OCEXEC);
 if(fd >= 0){
- mount(fd, -1, "/mnt", MREPL, "");
- close(fd);
+ if(mount(fd, -1, "/mnt", MREPL, "") == -1)
+ close(fd);
 }
 /* set up new namespace */
diff --git a/sys/src/libauth/auth_getuserpasswd.c b/sys/src/libauth/auth_getuserpasswd.c
index 4d66dcecb..831ee3300 100644
--- a/sys/src/libauth/auth_getuserpasswd.c
+++ b/sys/src/libauth/auth_getuserpasswd.c
@@ -32,12 +32,11 @@ auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...)
 UserPasswd *up;
 up = nil;
- rpc = nil;
 params = nil;
- fd = open("/mnt/factotum/rpc", ORDWR);
+ fd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 if(fd < 0)
- goto out;
+ return nil;
 rpc = auth_allocrpc(fd);
 if(rpc == nil)
 goto out;
@@ -69,7 +68,7 @@ auth_getuserpasswd(AuthGetkey *getkey, char *fmt, ...)
 out:
 free(params);
- auth_freerpc(rpc);
 close(fd);
+ auth_freerpc(rpc);
 return up;
 }
diff --git a/sys/src/libauth/auth_proxy.c b/sys/src/libauth/auth_proxy.c
index 68987140a..3f9f03694 100644
--- a/sys/src/libauth/auth_proxy.c
+++ b/sys/src/libauth/auth_proxy.c
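Review bot: In auth_chuid.c (hunk @@ -29,10), `close(fd)` now runs only when `mount` returns -1, which is correct only if a successful mount disposes of the descriptor itself; nothing in the visible lines states that. A one-line comment such as `/* mount closes fd on success; clean up only on failure */` would stop a later reader from restoring the unconditional close and closing a descriptor number that may already have been reused. The same assumption underlies the `if(ret == -1) close(fd);` added to famount and the `close(fd)` moved into the `else` branch of nsop in newns.c. auth_chuid's body extends beyond the hunk on both sides.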
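Review bot: In auth_getuserpasswd.c (hunk @@ -32,12), removing `rpc = nil;` leaves `rpc` indeterminate until `auth_allocrpc` returns, while the `out:` label in the following hunk still calls `auth_freerpc(rpc)`. That is safe in the visible lines only because the failed-open path now returns directly; a `goto out` added above the allocation later would hand an uninitialized pointer to the cleanup code. Keeping the initializer costs nothing: `rpc = nil;`. The declarations and the code between the two hunks are outside the visible lines.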
@@ -200,7 +200,7 @@ auth_proxy(int fd, AuthGetkey *getkey, char *fmt, ...)
 va_end(arg);
 ai = nil;
- afd = open("/mnt/factotum/rpc", ORDWR);
+ afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 if(afd < 0){
 werrstr("opening /mnt/factotum/rpc: %r");
 free(p);
diff --git a/sys/src/libauth/auth_respond.c b/sys/src/libauth/auth_respond.c
index cab4446e0..b5a362571 100644
--- a/sys/src/libauth/auth_respond.c
+++ b/sys/src/libauth/auth_respond.c
@@ -31,7 +31,7 @@ dorespond(void *chal, uint nchal, char *user, uint nuser, void *resp, uint nresp
 AuthRpc *rpc;
 Attr *a;
- if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0)
+ if((afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0)
 return -1;
 if((rpc = auth_allocrpc(afd)) == nil){
diff --git a/sys/src/libauth/auth_userpasswd.c b/sys/src/libauth/auth_userpasswd.c
index 62ed2c0da..df5b5834f 100644
--- a/sys/src/libauth/auth_userpasswd.c
+++ b/sys/src/libauth/auth_userpasswd.c
@@ -11,7 +11,7 @@ auth_userpasswd(char *user, char *passwd)
 char *s;
 int afd;
- afd = open("/mnt/factotum/rpc", ORDWR);
+ afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 if(afd < 0)
 return nil;
 ai = nil;
diff --git a/sys/src/libauth/newns.c b/sys/src/libauth/newns.c
index fd5d6cb59..91bf5f802 100644
--- a/sys/src/libauth/newns.c
+++ b/sys/src/libauth/newns.c
@@ -41,7 +41,7 @@ buildns(int newns, char *user, char *file)
 rpc = nil;
 /* try for factotum now because later is impossible */
- afd = open("/mnt/factotum/rpc", ORDWR);
+ afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC);
 if(afd < 0 && newnsdebug)
 fprint(2, "open /mnt/factotum/rpc: %r\n");
 if(afd >= 0){
@@ -58,8 +58,8 @@ buildns(int newns, char *user, char *file)
 }
 file = "/lib/namespace";
 }
- b = Bopen(file, OREAD);
- if(b == 0){
+ b = Bopen(file, OREAD|OCEXEC);
+ if(b == nil){
 werrstr("can't open %s: %r", file);
 return freecloserpc(rpc);
 }
@@ -135,6 +135,8 @@ famount(int fd, AuthRpc *rpc, char *mntpt, int flags, char *aname)
 auth_freeAI(ai);
 }
 ret = mount(fd, afd, mntpt, flags, aname);
+ if(ret == -1)
+ close(fd);
 if(afd >= 0)
 close(afd);
 return ret;
@@ -151,7 +153,7 @@ nsop(char *fn, int argc, char *argv[], AuthRpc *rpc)
 cdroot = 0;
 flags = 0;
- argv0 = 0;
+ argv0 = nil;
 if(newnsdebug){
 for (i = 0; i < argc; i++)
 fprint(2, "%s ", argv[i]);
@@ -176,7 +178,7 @@ nsop(char *fn, int argc, char *argv[], AuthRpc *rpc)
 flags |= MREPL;
 if(strcmp(argv0, ".") == 0 && argc == 1){
- b = Bopen(argv[0], OREAD);
+ b = Bopen(argv[0], OREAD|OCEXEC);
 if(b == nil)
 return 0;
 cdroot |= nsfile(fn, b, rpc);
@@ -192,7 +194,7 @@ nsop(char *fn, int argc, char *argv[], AuthRpc *rpc)
 else if(argc == 2)
 unmount(argv[0], argv[1]);
 }else if(strcmp(argv0, "mount") == 0){
- fd = open(argv[0], ORDWR);
+ fd = open(argv[0], ORDWR|OCEXEC);
 if(fd < 0){
 if(newnsdebug)
 fprint(2, "%s: mount: %s: %r\n", fn, argv[0]);
@@ -204,8 +206,9 @@ nsop(char *fn, int argc, char *argv[], AuthRpc *rpc)
 }else if(argc == 3){
 if(famount(fd, rpc, argv[1], flags, argv[2]) == -1 && newnsdebug)
 fprint(2, "%s: mount: %s %s %s: %r\n", fn, argv[0], argv[1], argv[2]);
+ } else {
+ close(fd);
 }
- close(fd);
 }else if(strcmp(argv0, "cd") == 0 && argc == 1){
 if(chdir(argv[0]) == 0 && *argv[0] == '/')
 cdroot = 1;
@@ -316,7 +319,7 @@ expandarg(char *arg, char *buf)
 strcpy(env, "#e/");
 strncpy(env+3, p, len);
 env[3+len] = '\0';
- fd = open(env, OREAD);
+ fd = open(env, OREAD|OCEXEC);
 if(fd >= 0){
 len = read(fd, &buf[n], ANAMELEN - 1);
 /* some singleton environment variables have trailing NULs */
@@ -345,7 +348,7 @@ setenv(char *name, char *val)
 long s;
 sprint(ename, "#e/%s", name);
- f = create(ename, OWRITE, 0664);
+ f = create(ename, OWRITE|OCEXEC, 0664);
 if(f < 0)
 return -1;
 s = strlen(val);
diff --git a/sys/src/libauth/noworld.c b/sys/src/libauth/noworld.c
index c61b1463c..b8687f194 100644
--- a/sys/src/libauth/noworld.c
+++ b/sys/src/libauth/noworld.c
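Review bot: In nsop's mount branch (hunk @@ -204,8), dropping the unconditional `close(fd)` makes the argc == 2 and argc == 3 paths depend on famount disposing of `fd` on every return, and only famount's tail is visible in this diff. If famount has an earlier return above the `mount` call, the descriptor would now leak, so that is worth checking against the full function. A header comment on famount along the lines of `/* consumes fd: mount closes it on success, we close it on failure */` would record the contract for future callers. As a style point, the added `} else {` does not match the `}else if(` spacing on the surrounding lines; `}else{` would be consistent.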
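Review bot: In setenv (hunk @@ -345,7), the context line `sprint(ename, "#e/%s", name);` formats the caller-supplied name into `ename` with no length bound, immediately before the `create` call this commit edits. The declaration of `ename` is outside the hunk, so whether any caller can exceed it cannot be told from here. If `ename` is a fixed-size array, `snprint(ename, sizeof ename, "#e/%s", name);` would bound the write at no cost.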
@@ -15,7 +15,7 @@ noworld(char *user)
 char *p;
 int n;
- b = Bopen("/adm/users", OREAD);
+ b = Bopen("/adm/users", OREAD|OCEXEC);
 if(b == nil)
 return 0;
 while((p = Brdline(b, '\n')) != nil){