Re: Session params output fails via cron

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 04/01/2019 22:04, Michael Wojcik wrote:

From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Jordan Brown
Sent: Friday, January 04, 2019 13:16
If you want to, what you want is something like:
       int fd;
       do {
               fd = open("/dev/null", O_RDWR);
       } while (fd < 3);
       close(fd);
(That's strictly not quite right, since it leaves 0 open writable and 1 and 2 open readable,
but that's pretty harmless.)

Behavior is unfortunate if open fails, e.g. because the NFILES limit is reached, or because /dev/null is inaccessible (e.g. due to a poorly-configured chroot). You'd be better off with (fd >= 0 && fd < 3).

Since source bytes are cheap, though, and there are at most three opens to be done, I'd just do it explicitly for the three stdio descriptors. That would also make the intention clear. (Yes, the intention of your version is clear to old UNIX hands. It might not be to other people.)

I'm ignoring portability considerations, since I personally don't think this would be a great thing to implement in the apps, so I'm not going to be submitting a PR for it.


A chroot with no other reason to open /dev/null should not contain that
file name, even on unix-like platforms (least privilege chroot design).

Please refer to my previous post about the many other reasons why
opening /dev/null has a high risk of failure.

Stepping back, it is worth investigating if:

 - Running TLS1.3 s_client with -ignoreeof and no stdin actually fails
  earlier than with stdin == /dev/null

 - If this is triggered by a code bug.

P.S.

On some Debian systems, cron runs scripts with stdout and stderr piped
(directly or indirectly) to a mail program that times out if a cron job
runs for a long time.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux