Release unused filedescriptors in the privileged X server process.

There is no reason to keep /dev/pci* and /dev/ttyC* open in this process.
Pointed out by deraadt. ok kettenis@ deraadt@
matthieu 2020-04-20 18:17:25 +00:00
parent 806accb3da
commit ad9a065c46
6 changed files with 37 additions and 1 deletions


@ -375,6 +375,13 @@ OsVendorInit(void)
}
}
#ifdef X_PRIVSEP
void
priv_vendor_init(void)
{
}
#endif
KdCardFuncs ephyrFuncs = {
ephyrCardInit, /* cardinit */
ephyrScreenInitialize, /* scrinit */


@ -219,6 +219,13 @@ OsVendorInit(void)
{
}
#ifdef X_PRIVSEP
void
priv_vendor_init(void)
{
}
#endif
void
OsVendorFatalError(const char *f, va_list args)
{


@ -820,4 +820,15 @@ xf86DropPriv(void)
}
}
}
/*
* Called in the privileged child
*/
void
priv_vendor_init(void)
{
/* release resources it won't need */
pci_system_cleanup();
close(xf86Info.consoleFd);
}
#endif
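Review bot: In priv_vendor_init(), `close(xf86Info.consoleFd);` is called without checking the value and leaves the stale descriptor number in xf86Info.consoleFd. The privileged child opens devices afterwards, so the same number can be reused, and any later use of consoleFd in this process would then act on an unrelated descriptor; whether such a use exists is not visible in this hunk. Assuming -1 is the unset value, I would write `if (xf86Info.consoleFd != -1) { close(xf86Info.consoleFd); xf86Info.consoleFd = -1; }`. The comment `/* release resources it won't need */` could also name what is released and why, for example `/* the privileged child has no use for /dev/pci* or the console tty; drop them */`. The `#endif` after the function closes a conditional opened outside the hunk.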


@ -156,6 +156,14 @@ OsVendorInit(void)
return;
}
#ifdef X_PRIVSEP
void
priv_vendor_init(void)
{
return;
}
#endif
void
OsVendorFatalError(const char *f, va_list args)
{


@ -314,6 +314,8 @@ extern _X_EXPORT int
ChownLock(uid_t, gid_t);
extern _X_EXPORT int
priv_open_device(const char *);
extern _X_EXPORT void
priv_vendor_init(void);
#endif
extern _X_EXPORT int


@ -1,4 +1,4 @@
/* $OpenBSD: privsep.c,v 1.31 2019/06/11 14:51:34 jcs Exp $ */
/* $OpenBSD: privsep.c,v 1.32 2020/04/20 18:17:26 matthieu Exp $ */
/*
* Copyright 2001 Niels Provos <provos@citi.umich.edu>
* All rights reserved.
@ -279,6 +279,7 @@ priv_init(uid_t uid, gid_t gid)
signal(i, SIG_DFL);
setproctitle("[priv]");
close(socks[1]);
priv_vendor_init();
for (dev = allowed_devices; dev->name != NULL; dev++) {
if (unveil(dev->name, "rw") == -1)
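Review bot: The new `priv_vendor_init();` call in priv_init() has no comment, so nothing records what the hook is for or when it runs. It sits after `close(socks[1])` and before the unveil() calls that follow, and a line such as `/* let the DDX close descriptors the privileged child does not need */` above the call would document that. The hook only releases descriptors that each DDX knows about, so any other descriptor the process already holds at this point stays open; it may be worth stating that limit in the same comment. priv_init() starts and ends outside the hunk.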