diff options
| author | Eric Blake <ebb9@byu.net> | 2009-10-28 14:36:09 -0600 |
|---|---|---|
| committer | Eric Blake <ebb9@byu.net> | 2009-10-28 21:12:41 -0600 |
| commit | 1c59bb3cefff73c532033863e60e9130892a50dd (patch) | |
| tree | 42f89ad649d5be625ac200f044c3f7acd5ee5e08 /src/nohup.c | |
| parent | 536a1fbe5ff47078d515a41ea4b45c4e0d794da2 (diff) | |
| download | coreutils-1c59bb3cefff73c532033863e60e9130892a50dd.tar.xz | |
nice, nohup, su: detect write failure to stderr
These programs can print non-fatal diagnostics to stderr prior to
exec'ing a subsidiary program. However, if we thought the situation
warranted a diagnostic, we insist that the diagnostic be printed
without error, rather than blindly exec, as it may be a security risk.
For an example, try 'nice -n -1 nice 2>/dev/full'. Failure to raise
priority (by lowering niceness) is not fatal, but failure to inform
the user about failure to change priority is dangerous.
* src/nice.c (main): Declare failure if writing advisory message
to stderr fails.
* src/nohup.c (main): Likewise.
* src/su.c (main): Likewise.
* tests/misc/nice: Test this.
* tests/misc/nohup: Likewise.
* NEWS: Document this.
Diffstat (limited to 'src/nohup.c')
| -rw-r--r-- | src/nohup.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/nohup.c b/src/nohup.c index 880cc7492..1f92c3f5a 100644 --- a/src/nohup.c +++ b/src/nohup.c @@ -203,6 +203,15 @@ main (int argc, char **argv) close (out_fd); } + /* error() flushes stderr, but does not check for write failure. + Normally, we would catch this via our atexit() hook of + close_stdout, but execvp() gets in the way. If stderr + encountered a write failure, there is no need to try calling + error() again, particularly since we may have just changed the + underlying fd out from under stderr. */ + if (ferror (stderr)) + exit (exit_internal_failure); + signal (SIGHUP, SIG_IGN); { |