From patchwork Tue Jul 18 13:04:54 2017
X-Patchwork-Submitter: Stephen Smalley
X-Patchwork-Id: 9848311
From: Stephen Smalley
To: selinux@tycho.nsa.gov
Date: Tue, 18 Jul 2017 09:04:54 -0400
Message-Id: <20170718130454.21079-2-sds@tycho.nsa.gov>
In-Reply-To: <20170718130454.21079-1-sds@tycho.nsa.gov>
References: <20170718130454.21079-1-sds@tycho.nsa.gov>
Subject: [PATCH 2/2] open_init_pty: restore stdin/stdout to blocking upon exit
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
Cc: Stephen Smalley

At exit, restore stdin and stdout to blocking.

Test: run_init id && run_init id
Test: open_init_pty bash -c 'echo hello; exec >&- 2>&- <&-; sleep 1;'
Fixes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863187
Fixes: https://bugs.gentoo.org/show_bug.cgi?id=621062
Signed-off-by: Stephen Smalley
--- policycoreutils/run_init/open_init_pty.c | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/policycoreutils/run_init/open_init_pty.c b/policycoreutils/run_init/open_init_pty.c index 6e25ea3..150cb45 100644 --- a/policycoreutils/run_init/open_init_pty.c +++ b/policycoreutils/run_init/open_init_pty.c 
@@ -191,6 +191,28 @@ static void setfd_nonblock(int fd) } } +static void setfd_block(int fd) +{ + int fsflags = fcntl(fd, F_GETFL); + + if (fsflags < 0) { + fprintf(stderr, "fcntl(%d, F_GETFL): %s\n", fd, strerror(errno)); + exit(EX_IOERR); + } + + if (fcntl(fd, F_SETFL, fsflags & ~O_NONBLOCK) < 0) { + fprintf(stderr, "fcntl(%d, F_SETFL, ... & ~O_NONBLOCK): %s\n", fd, strerror(errno)); + exit(EX_IOERR); + } +} + +static void setfd_atexit(void) +{ + setfd_block(STDIN_FILENO); + setfd_block(STDOUT_FILENO); + return; +} + static void sigchld_handler(int asig __attribute__ ((unused))) { } @@ -280,6 +302,10 @@ int main(int argc, char *argv[]) setfd_nonblock(pty_master); setfd_nonblock(STDIN_FILENO); setfd_nonblock(STDOUT_FILENO); + if (atexit(setfd_atexit) < 0) { + perror("atexit()"); + exit(EXIT_FAILURE); + } if (isatty(STDIN_FILENO)) { if (tty_semi_raw(STDIN_FILENO) < 0) {
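Review bot: in the first hunk, setfd_block() calls exit(EX_IOERR) when fcntl() fails, but setfd_atexit() runs it from inside an atexit handler, so a failure there (for example EBADF because stdin was already closed) calls exit() a second time, which is undefined behaviour in C. On the exit path, report the error and return instead (or use _exit()); that also lets setfd_block(STDOUT_FILENO) still run when the STDIN_FILENO call fails, which it cannot do today. Clearing O_NONBLOCK unconditionally also forces blocking mode on a descriptor that may have been non-blocking before the program touched it; saving the original F_GETFL value before O_NONBLOCK is set and restoring that value would be more exact. The trailing "return;" in setfd_atexit() is redundant.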
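Review bot: in the main() hunk, the test "atexit(setfd_atexit) < 0" can miss a failure, because atexit() is specified to return a nonzero value on error, not necessarily a negative one; compare with "!= 0". atexit() is also not documented to set errno, so perror("atexit()") may print an unrelated message; a fixed fprintf(stderr, ...) string would be more reliable.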