Fix leaking auth ports

We need to be extremely careful with auth ports since leaking them into subprocesses may expose a root-auth port to non-root processes. Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec implementation from dropping it. Login is also reimplementing hurdexec but without all the cloexec logic. This commit fixes various auth leaks.
author: Samuel Thibault <samuel.thibault@ens-lyon.org> 2022-01-02 01:23:27 +0100
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2022-01-04 01:09:32 +0100
commit: a179160d41424813a2cf07ab554180804ae14fdf (patch)
tree: 1a9eaa1fc2e5f38c98f421488791614023aad0ce /libfshelp/fetch-root.c
parent: a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/libfshelp/fetch-root.c b/libfshelp/fetch-root.c
index c1001bc3..f3ae0ee9 100644
--- a/libfshelp/fetch-root.c
+++ b/libfshelp/fetch-root.c
@@ -153,6 +153,9 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
 	if (i != INIT_PORT_CWDIR)
 	  mach_port_deallocate (mach_task_self (), ports[i]);
 
+      if (ourauth != MACH_PORT_NULL)
+	mach_port_deallocate (mach_task_self (), ourauth);
+
       pthread_mutex_lock (box->lock);
 
       free (argz);
author	Samuel Thibault <samuel.thibault@ens-lyon.org>	2022-01-02 01:23:27 +0100
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2022-01-04 01:09:32 +0100
commit	a179160d41424813a2cf07ab554180804ae14fdf (patch)
tree	1a9eaa1fc2e5f38c98f421488791614023aad0ce /libfshelp/fetch-root.c
parent	a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff)