Mirrors/criu
1
0
Fork 0
mirror of https://github.com/checkpoint-restore/criu.git synced 2026-01-23 02:14:37 +00:00
Code Issues Projects Releases Wiki Activity

cuda: don't leak fds to cuda-checkpoint

Browse source 
Leaking open file descriptors to third-party tools can lead
to security risks.

Signed-off-by: Radostin Stoyanov <rstoyanov@fedoraproject.org>
This commit is contained in:
Radostin Stoyanov 2024-07-08 16:53:39 +01:00 committed by Andrei Vagin
parent 4dde52a308
commit fde0b7ac69
3 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
criu/include/util.h
View file

@ -170,6 +170,7 @@ extern pid_t fork_and_ptrace_attach(int (*child_setup)(void));
extern int cr_daemon(int nochdir, int noclose, int close_fd);
extern int status_ready(void);
extern int is_root_user(void);
extern int close_fds(int minfd);
extern int set_proc_self_fd(int fd);

2
criu/util.c
View file

@ -524,7 +524,7 @@ int cr_close_range(unsigned int fd, unsigned int max_fd, unsigned int flags)
return syscall(__NR_close_range, fd, max_fd, flags);
}
static int close_fds(int minfd)
int close_fds(int minfd)
{
DIR *dir;
struct dirent *de;

4
plugins/cuda/cuda_plugin.c
View file

@ -115,7 +115,9 @@ static int launch_cuda_checkpoint(const char **args, char *buf, int buf_size)
if (dup2(fd[WRITE], STDERR_FILENO) == -1) {
return -1;
}
close(fd[READ]);
close_fds(STDERR_FILENO + 1);
return execvp(args[0], (char **)args);
} else { // parent
close(fd[WRITE]);