[syslog-ng] [PATCH] gprocess: Fix --no-caps handling when building with hardening options.

Gergely Nagy algernon at balabit.hu
Sat Nov 12 14:27:27 CET 2011 

When both glib and syslog-ng is built with hardening options enabled,
overwriting a string pointer with a FALSE boolean does not have the
expected results: the string will not become NULL.

In this case, --no-caps will end up with a segfault, because
process_opts.caps is non-NULL, and points to junk.

To fix this, introduce a new function that sets process_opts.caps to
NULL explicitly, and use this function as a callback, instead of
assuming that a FALSE boolean will have the expected results.

Reported-By: Peter Czanik <czanik at balabit.hu>
Signed-off-by: Gergely Nagy <algernon at balabit.hu>
---
 lib/gprocess.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)

diff --git a/lib/gprocess.c b/lib/gprocess.c
index 2ccaffe..aaefbab 100644
--- a/lib/gprocess.c
+++ b/lib/gprocess.c
@@ -1440,6 +1440,14 @@ g_process_process_mode_arg(const gchar *option_name G_GNUC_UNUSED, const gchar *
   return TRUE;
 }
 
+static gboolean
+g_process_process_no_caps(const gchar *option_name G_GNUC_UNUSED, const gchar *value G_GNUC_UNUSED,
+                          gpointer data G_GNUC_UNUSED, GError *error)
+{
+  process_opts.caps = NULL;
+  return TRUE;
+}
+
 static GOptionEntry g_process_option_entries[] =
 {
   { "foreground",   'F', G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE,     &process_opts.mode,              "Do not go into the background after initialization", NULL },
@@ -1450,7 +1458,7 @@ static GOptionEntry g_process_option_entries[] =
   { "gid",            0,  G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_STRING,   &process_opts.group,             NULL, NULL },
   { "chroot",       'C',                     0, G_OPTION_ARG_STRING,   &process_opts.chroot_dir,        "Chroot to this directory", "<dir>" },
   { "caps",           0,                     0, G_OPTION_ARG_STRING,   &process_opts.caps,              "Set default capability set", "<capspec>" },
-  { "no-caps",        0, G_OPTION_FLAG_REVERSE, G_OPTION_ARG_NONE,     &process_opts.caps,              "Disable managing Linux capabilities", NULL },
+  { "no-caps",        0,  G_OPTION_FLAG_NO_ARG, G_OPTION_ARG_CALLBACK, g_process_process_no_caps,       "Disable managing Linux capabilities", NULL },
   { "pidfile",      'p',                     0, G_OPTION_ARG_STRING,   &process_opts.pidfile,           "Set path to pid file", "<pidfile>" },
   { "enable-core",    0,                     0, G_OPTION_ARG_NONE,     &process_opts.core,              "Enable dumping core files", NULL },
   { "fd-limit",       0,                  0, G_OPTION_ARG_INT,      &process_opts.fd_limit_min,         "The minimum required number of fds", NULL },
-- 
1.7.7.2

More information about the syslog-ng mailing list