Fix leaking auth ports

We need to be extremely careful with auth ports since leaking them into subprocesses may expose a root-auth port to non-root processes. Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec implementation from dropping it. Login is also reimplementing hurdexec but without all the cloexec logic. This commit fixes various auth leaks.
author: Samuel Thibault <samuel.thibault@ens-lyon.org> 2022-01-02 01:23:27 +0100
committer: Samuel Thibault <samuel.thibault@ens-lyon.org> 2022-01-04 01:09:32 +0100
commit: a179160d41424813a2cf07ab554180804ae14fdf (patch)
tree: 1a9eaa1fc2e5f38c98f421488791614023aad0ce /libshouldbeinlibc
parent: a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/libshouldbeinlibc/nullauth.c b/libshouldbeinlibc/nullauth.c
index 3a98e558..8a19b05c 100644
--- a/libshouldbeinlibc/nullauth.c
+++ b/libshouldbeinlibc/nullauth.c
@@ -29,14 +29,16 @@ setnullauth (void)
 {
   error_t err;
 
+  auth_t ourauth = getauth ();
   auth_t nullauth;
-  err = auth_makeauth (getauth (),
+  err = auth_makeauth (ourauth,
 		       NULL, MACH_MSG_TYPE_COPY_SEND, 0,
 		       NULL, 0,
 		       NULL, 0,
 		       NULL, 0,
 		       NULL, 0,
 		       &nullauth);
+  mach_port_deallocate (mach_task_self (), ourauth);
   if (err)
     return err;
author	Samuel Thibault <samuel.thibault@ens-lyon.org>	2022-01-02 01:23:27 +0100
committer	Samuel Thibault <samuel.thibault@ens-lyon.org>	2022-01-04 01:09:32 +0100
commit	a179160d41424813a2cf07ab554180804ae14fdf (patch)
tree	1a9eaa1fc2e5f38c98f421488791614023aad0ce /libshouldbeinlibc
parent	a8d51bf0ce26fd26e00338540857f43b8a99e126 (diff)