smcv
commented
4 weeks ago Setting the members of privsep_sockets[] to -1
... is not (currently) something that cleanup_fdp() does, so this PR is wrong.
Open smcv opened 4 weeks ago
smcv
commented
4 weeks ago Setting the members of privsep_sockets[] to -1
... is not (currently) something that cleanup_fdp() does, so this PR is wrong.
Similar to #665, but for the socket pair that communicates privileged operations between the temporary unprivileged child and the privileged parent when we are setuid root.
Use PIPE_READ_END, PIPE_WRITE_END to clarify use of privileged op sockets
Both sockets in this socket pair are technically bidirectional, but we're using them in a way that is close enough to unidirectional that using these symbolic constants is clearer than magic numbers. We send multi-byte requests into the write end, and read those requests from the read end (even though we also send a 1-byte reply to each request into the "read" end, and read it from the "write" end).
utils: Add steal_fd()
This is inspired by g_steal_fd() in GLib, and lets us make it explicit that ownership of a fd is being moved, similar to steal_pointer().
Clarify ownership of privileged op sockets
Setting the members of privsep_sockets[] to -1 when they have been closed or had their ownership transferred is clearer than leaving behind dangling references.
cc @refi64