jonathancammack / rpms / openssh

Forked from rpms/openssh 8 months ago
Clone

Blame SOURCES/openssh-7.2p2-s390-closefrom.patch

3e8b5b
Zseries only: Leave the hardware filedescriptors open.
3e8b5b
3e8b5b
All filedescriptors above 2 are getting closed when a new
3e8b5b
sshd process to handle a new client connection is
3e8b5b
spawned. As the process also chroot into an empty filesystem
3e8b5b
without any device nodes, there is no chance to reopen the
3e8b5b
files. This patch filters out the reqired fds in the
3e8b5b
closefrom function so these are skipped in the close loop.
3e8b5b
3e8b5b
Author: Harald Freudenberger <freude@de.ibm.com>
3e8b5b
3e8b5b
---
3e8b5b
 openbsd-compat/bsd-closefrom.c |   26 ++++++++++++++++++++++++++
3e8b5b
 1 file changed, 26 insertions(+)
3e8b5b
3e8b5b
--- a/openbsd-compat/bsd-closefrom.c
3e8b5b
+++ b/openbsd-compat/bsd-closefrom.c
3e8b5b
@@ -82,7 +82,33 @@ closefrom(int lowfd)
3e8b5b
 	    fd = strtol(dent->d_name, &endp, 10);
3e8b5b
 	    if (dent->d_name != endp && *endp == '\0' &&
3e8b5b
 		fd >= 0 && fd < INT_MAX && fd >= lowfd && fd != dirfd(dirp))
3e8b5b
+#ifdef __s390__
3e8b5b
+		{
3e8b5b
+		    /*
3e8b5b
+		     * the filedescriptors used to communicate with
3e8b5b
+		     * the device drivers to provide hardware support
3e8b5b
+		     * should survive. HF <freude@de.ibm.com>
3e8b5b
+		     */
3e8b5b
+		    char fpath[PATH_MAX], lpath[PATH_MAX];
3e8b5b
+		    len = snprintf(fpath, sizeof(fpath), "%s/%s",
3e8b5b
+				   fdpath, dent->d_name);
3e8b5b
+		    if (len > 0 && (size_t)len <= sizeof(fpath)) {
3e8b5b
+			len = readlink(fpath, lpath, sizeof(lpath));
3e8b5b
+			if (len > 0) {
3e8b5b
+			    lpath[len] = 0;
3e8b5b
+			    if (strstr(lpath, "dev/z90crypt")
3e8b5b
+				|| strstr(lpath, "dev/zcrypt")
3e8b5b
+				|| strstr(lpath, "dev/prandom")
3e8b5b
+				|| strstr(lpath, "dev/shm/icastats"))
3e8b5b
+				fd = -1;
3e8b5b
+			}
3e8b5b
+		    }
3e8b5b
+		    if (fd >= 0)
3e8b5b
+			(void) close((int) fd);
3e8b5b
+		}
3e8b5b
+#else
3e8b5b
 		(void) close((int) fd);
3e8b5b
+#endif
3e8b5b
 	}
3e8b5b
 	(void) closedir(dirp);
3e8b5b
     } else
3e8b5b