Revision bump to distribute a fix that closes all file descriptors except stdin, stdout and stderr when using the /exec command. This stops child processes from having access to our network sockets and open log files. Closes bug #83683.

(Portage version: 2.0.51.19)

4 files changed, 51 insertions, 2 deletions

diff --git a/net-irc/xchat/ChangeLog b/net-irc/xchat/ChangeLog
index 3a4955492fec..1280b3bcf5ea 100644
--- a/net-irc/xchat/ChangeLog
+++ b/net-irc/xchat/ChangeLog
@@ -1,6 +1,16 @@
 # ChangeLog for net-irc/xchat
 # Copyright 2002-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/xchat/ChangeLog,v 1.148 2005/02/25 16:36:43 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-irc/xchat/ChangeLog,v 1.149 2005/03/04 22:28:23 swegener Exp $
+
+*xchat-2.4.1-r1 (04 Mar 2005)
+
+  04 Mar 2005; Sven Wegener <swegener@gentoo.org>
+  +files/2.4.1-close-fds-on-exec.patch, +xchat-2.4.1-r1.ebuild,
+  -xchat-2.4.1.ebuild:
+  Revision bump to distribute a fix that closes all file descriptors except
+  stdin, stdout and stderr when using the /exec command. This stops child
+  processes from having access to our network sockets and open log files.
+  Closes bug #83683.
 
   25 Feb 2005; Aron Griffis <agriffis@gentoo.org> xchat-2.4.1.ebuild:
   stable on ia64 #71997
diff --git a/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch b/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch
new file mode 100644
index 000000000000..598cfb1cf37b
--- /dev/null
+++ b/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch
@@ -0,0 +1,38 @@
+--- src/common/util.c	28 Feb 2005 10:37:38 -0000	1.36
++++ src/common/util.c	4 Mar 2005 11:27:21 -0000	1.37
+@@ -1216,6 +1216,7 @@
+ 	int pid;
+ 	char **argv;
+ 	int argc;
++	int fd;
+ 
+ 	if (my_poptParseArgvString (cmd, &argc, &argv) != 0)
+ 		return -1;
+@@ -1226,6 +1227,8 @@
+ 		return -1;
+ 	if (pid == 0)
+ 	{
++		/* Now close all open file descriptors except stdin, stdout and stderr */
++		for (fd = 3; fd < 1024; fd++) close(fd);
+ 		execvp (argv[0], argv);
+ 		_exit (0);
+ 	} else
+--- src/common/outbound.c	26 Feb 2005 08:05:33 -0000	1.73
++++ src/common/outbound.c	4 Mar 2005 11:27:21 -0000	1.74
+@@ -1342,6 +1342,7 @@
+ 	int fds[2], pid = 0;
+ 	struct nbexec *s;
+ 	int shell = TRUE;
++	int fd;
+ 
+ 	if (*cmd)
+ 	{
+@@ -1411,6 +1412,8 @@
+ 			dup2 (fds[1], 2);
+ 			/* Also copy it to stdin so we can write to it */
+ 			dup2 (fds[1], 0);
++			/* Now close all open file descriptors except stdin, stdout and stderr */
++			for (fd = 3; fd < 1024; fd++) close(fd);
+ 			/* Now we call /bin/sh to run our cmd ; made it more friendly -DC1 */
+ 			if (shell)
+ 			{
diff --git a/net-irc/xchat/files/digest-xchat-2.4.1 b/net-irc/xchat/files/digest-xchat-2.4.1-r1
index c09c93cf6a1a..c09c93cf6a1a 100644
--- a/net-irc/xchat/files/digest-xchat-2.4.1
+++ b/net-irc/xchat/files/digest-xchat-2.4.1-r1
diff --git a/net-irc/xchat/xchat-2.4.1.ebuild b/net-irc/xchat/xchat-2.4.1-r1.ebuild
index 3b146bb48a63..c2762ee4b806 100644
--- a/net-irc/xchat/xchat-2.4.1.ebuild
+++ b/net-irc/xchat/xchat-2.4.1-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2005 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-irc/xchat/xchat-2.4.1.ebuild,v 1.13 2005/02/25 16:36:43 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-irc/xchat/xchat-2.4.1-r1.ebuild,v 1.1 2005/03/04 22:28:23 swegener Exp $
 
 inherit flag-o-matic eutils
 
@@ -38,6 +38,7 @@ src_unpack() {
 
 	use xchatdccserver && epatch ${DISTDIR}/xchat-dccserver-0.4.patch
 	epatch ${FILESDIR}/${PV}-fe-text.patch
+	epatch ${FILESDIR}/${PV}-close-fds-on-exec.patch
 }
 
 src_compile() {