From a179160d41424813a2cf07ab554180804ae14fdf Mon Sep 17 00:00:00 2001
From: Samuel Thibault
Date: Sun, 2 Jan 2022 01:23:27 +0100
Subject: Fix leaking auth ports
We need to be extremely careful with auth ports since leaking them into subprocesses may expose a root-auth port to non-root processes. Notably, get_nonsugid_ids was caching it, thus preventing glibc's exec implementation from dropping it. Login is also reimplementing hurdexec but without all the cloexec logic. This commit fixes various auth leaks.
---
 libfshelp/fetch-root.c | 3 +++
 1 file changed, 3 insertions(+)
(limited to 'libfshelp/fetch-root.c')
diff --git a/libfshelp/fetch-root.c b/libfshelp/fetch-root.c
index c1001bc3..f3ae0ee9 100644
--- a/libfshelp/fetch-root.c
+++ b/libfshelp/fetch-root.c
@@ -153,6 +153,9 @@ fshelp_fetch_root (struct transbox *box, void *cookie,
 if (i != INIT_PORT_CWDIR)
 mach_port_deallocate (mach_task_self (), ports[i]);
+ if (ourauth != MACH_PORT_NULL)
+ mach_port_deallocate (mach_task_self (), ourauth);
+
 pthread_mutex_lock (box->lock);
 free (argz);
--
cgit v1.2.3
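Review bot: The added release of `ourauth` covers only the path that reaches the port-cleanup loop, so any earlier exit from fshelp_fetch_root taken after `ourauth` was obtained would still keep the auth port reference. The rest of the function lies outside the hunk, so this needs checking against the full body, along with whether `ourauth` starts out as MACH_PORT_NULL on every path that can reach the new test. Because the commit message ties a leaked auth port to root authority reaching non-root subprocesses, the release deserves a why-comment such as `/* Drop our auth port reference so it cannot leak into the translator or a later exec. */`. Clearing the variable afterwards with `ourauth = MACH_PORT_NULL;` would also keep a later cleanup path from deallocating the same name twice. The return value of mach_port_deallocate is ignored here, as it is in the loop just above.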