Skip to content

Do not close FDs 0, 1, or 2 #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 9 commits into from
Closed

Do not close FDs 0, 1, or 2 #186

wants to merge 9 commits into from

Conversation

@DemiMarie
Copy link
Contributor

@DemiMarie DemiMarie commented Jan 9, 2025

If they are closed, another file descriptor could be created with these numbers, and so standard library functions that use them might write to an unwanted place. dup2() a file descriptor to /dev/null over them instead.

@codecov
Copy link

codecov bot commented Jan 9, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 55.00000% with 36 lines in your changes missing coverage. Please review.
✅ Project coverage is 79.09%. Comparing base (7e30563) to head (ae2281c).
⚠️ Report is 53 commits behind head on main.

Files with missing lines Patch % Lines
agent/qrexec-agent.c 55.00% 36 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #186      +/-   ##
==========================================
+ Coverage   78.84%   79.09%   +0.24%     
==========================================
  Files          55       55              
  Lines       10146    10182      +36     
==========================================
+ Hits         8000     8053      +53     
+ Misses       2146     2129      -17

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@DemiMarie
Copy link
Contributor Author

DemiMarie commented Jan 10, 2025

Codecov appears to not be testing what happens in the child process after fork() and the error path of “cannot open /dev/null”.

@marmarek
Copy link
Member

marmarek commented Jan 10, 2025

AFAIR unit tests do not cover the PAM handling part, as they are not running as a system service, test runners don't have necessary PAM configuration etc.

This was referenced Jan 11, 2025
Closed
Merged
@qubesos-bot
Copy link

qubesos-bot commented Jan 11, 2025
edited
Loading

OpenQA test summary

Complete test suite and dependencies: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025022106-4.3&flavor=pull-requests

Test run included the following:

New failures, excluding unstable

Compared to: https://openqa.qubes-os.org/tests/overview?distri=qubesos&version=4.3&build=2025020404-4.3&flavor=update

  • system_tests_whonix

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_suspend

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_kde_gui_interactive

  • system_tests_audio

  • system_tests_whonix@hw7

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_misc

    • TC_06_AppVM_debian-12-xfce: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_fedora-41-xfce: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_whonix-gateway-17: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_whonix-workstation-17: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

  • system_tests_basic_vm_qrexec_gui_btrfs

    • TC_30_Gui_daemon: test_000_clipboard (error)
      FileNotFoundError: [Errno 2] No such file or directory: '/var/run/q...

  • system_tests_suspend@hw1

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_gui_tools

    • qui_widgets_update: unnamed test (unknown)
    • qui_widgets_update: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-updates-widget-op...

Failed tests

26 failures

  • system_tests_whonix

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_suspend

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_kde_gui_interactive

    • clipboard_and_web: unnamed test (unknown)
    • clipboard_and_web: Failed (test died)
      # Test died: no candidate needle with tag(s) 'clipboard-paste-notif...

  • system_tests_audio

  • system_tests_whonix@hw7

    • whonixcheck: fail (unknown)
      Whonixcheck for sys-whonix failed...

    • whonixcheck: unnamed test (unknown)

  • system_tests_misc

    • TC_06_AppVM_debian-12-xfce: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_fedora-41-xfce: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_whonix-gateway-17: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

    • TC_06_AppVM_whonix-workstation-17: test_020_custom_persist (failure)
      AssertionError: Too much / too little files persisted: b'test1\ntes...

  • system_tests_basic_vm_qrexec_gui_btrfs

    • TC_30_Gui_daemon: test_000_clipboard (error)
      FileNotFoundError: [Errno 2] No such file or directory: '/var/run/q...

  • system_tests_suspend@hw1

    • suspend: unnamed test (unknown)
    • suspend: Failed (test died)
      # Test died: no candidate needle with tag(s) 'SUSPEND-FAILED' match...

  • system_tests_gui_tools

    • qui_widgets_update: unnamed test (unknown)
    • qui_widgets_update: Failed (test died)
      # Test died: no candidate needle with tag(s) 'qui-updates-widget-op...

Fixed failures

Compared to: https://openqa.qubes-os.org/tests/127852#dependencies

28 fixed

  • system_tests_suspend

    • mount_and_boot_options: unnamed test (unknown)
    • mount_and_boot_options: Failed (test died)
      # Test died: no candidate needle with tag(s) 'x11' matched...

  • system_tests_backup

    • TC_10_BackupVM_whonix-gateway-17: test_110_send_to_vm_no_space (error)
      subprocess.CalledProcessError: Command 'mknod /dev/loop0 b 7 0;trun...

    • TC_10_BackupVM_whonix-workstation-17: test_110_send_to_vm_no_space (error)
      subprocess.CalledProcessError: Command 'mknod /dev/loop0 b 7 0;trun...

  • system_tests_qrexec

  • system_tests_dispvm

    • TC_20_DispVM_fedora-41-xfce: test_100_open_in_dispvm (failure)
      AssertionError: './open-file test.txt' failed with ./open-file test...

  • system_tests_devices

    • TC_00_List_whonix-gateway-17: test_000_list_loop (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_001_list_loop_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_010_list_dm (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_011_list_dm_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_012_list_dm_delayed (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_013_list_dm_removed (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_020_list_loop_partition (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-gateway-17: test_021_list_loop_partition_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_000_list_loop (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_001_list_loop_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_010_list_dm (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_011_list_dm_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_012_list_dm_delayed (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_013_list_dm_removed (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_020_list_loop_partition (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_00_List_whonix-workstation-17: test_021_list_loop_partition_mounted (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_10_Attach_whonix-gateway-17: test_000_attach_reattach (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

    • TC_10_Attach_whonix-workstation-17: test_000_attach_reattach (error)
      subprocess.CalledProcessError: Command 'set -e;truncate -s 128M /tm...

  • system_tests_kde_gui_interactive

  • system_tests_qrexec_perf@hw1

    • TC_00_QrexecPerf_debian-12-xfce: test_110_simple_data_duplex (failure)
      AssertionError: '/usr/lib/qubes/tests/qrexec_perf.py --vm1=test-ins...

  • system_tests_storage_perf@hw1

    • integ: storage_perf (error)
      ModuleNotFoundError: No module named 'qubes.tests.integ.storage_perf'

  • system_tests_basic_vm_qrexec_gui_ext4

    • switch_pool: Failed (test died)
      # Test died: command 'printf "label: gpt\n,,L" | sfdisk /dev/sdb' f...

Unstable tests

Performance Tests

Performance degradation:

No issues

Remaining performance tests:

72 tests
  • debian-12-xfce_exec: 7.28
  • debian-12-xfce_exec-root: 28.07
  • debian-12-xfce_socket: 8.60
  • debian-12-xfce_socket-root: 8.33
  • debian-12-xfce_exec-data-simplex: 45.25
  • debian-12-xfce_exec-data-duplex: 48.08
  • debian-12-xfce_exec-data-duplex-root: 63.67
  • debian-12-xfce_socket-data-duplex: 78.28
  • fedora-41-xfce_exec: 9.12 🟢 ( previous job: 21.67, improvement: 42.09%)
  • fedora-41-xfce_exec-root: 60.32 🟢 ( previous job: 74.48, improvement: 80.99%)
  • fedora-41-xfce_socket: 8.24 🟢 ( previous job: 21.26, improvement: 38.78%)
  • fedora-41-xfce_socket-root: 8.41 🟢 ( previous job: 20.89, improvement: 40.27%)
  • fedora-41-xfce_exec-data-simplex: 46.16 🟢 ( previous job: 58.71, improvement: 78.63%)
  • fedora-41-xfce_exec-data-duplex: 47.15 🟢 ( previous job: 60.49, improvement: 77.94%)
  • fedora-41-xfce_exec-data-duplex-root: 81.31 🟢 ( previous job: 92.13, improvement: 88.25%)
  • fedora-41-xfce_socket-data-duplex: 79.46 🟢 ( previous job: 83.57, improvement: 95.08%)
  • whonix-gateway-17_exec: 7.15
  • whonix-gateway-17_exec-root: 38.05
  • whonix-gateway-17_socket: 8.14
  • whonix-gateway-17_socket-root: 7.64
  • whonix-gateway-17_exec-data-simplex: 46.63
  • whonix-gateway-17_exec-data-duplex: 51.78
  • whonix-gateway-17_exec-data-duplex-root: 71.74
  • whonix-gateway-17_socket-data-duplex: 83.41
  • whonix-workstation-17_exec: 8.10
  • whonix-workstation-17_exec-root: 52.21
  • whonix-workstation-17_socket: 7.84
  • whonix-workstation-17_socket-root: 7.97
  • whonix-workstation-17_exec-data-simplex: 48.98
  • whonix-workstation-17_exec-data-duplex: 48.66
  • whonix-workstation-17_exec-data-duplex-root: 80.03
  • whonix-workstation-17_socket-data-duplex: 82.07
  • dom0_root_seq1m_q8t1_read 3:read_bandwidth_kb: 448684.00
  • dom0_root_seq1m_q8t1_write 3:write_bandwidth_kb: 182617.00
  • dom0_root_seq1m_q1t1_read 3:read_bandwidth_kb: 423495.00
  • dom0_root_seq1m_q1t1_write 3:write_bandwidth_kb: 143300.00
  • dom0_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 11444.00
  • dom0_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 5071.00
  • dom0_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 6067.00
  • dom0_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 4353.00
  • dom0_varlibqubes_seq1m_q8t1_read 3:read_bandwidth_kb: 462539.00
  • dom0_varlibqubes_seq1m_q8t1_write 3:write_bandwidth_kb: 139764.00
  • dom0_varlibqubes_seq1m_q1t1_read 3:read_bandwidth_kb: 432580.00
  • dom0_varlibqubes_seq1m_q1t1_write 3:write_bandwidth_kb: 196459.00
  • dom0_varlibqubes_rnd4k_q32t1_read 3:read_bandwidth_kb: 108532.00
  • dom0_varlibqubes_rnd4k_q32t1_write 3:write_bandwidth_kb: 8503.00
  • dom0_varlibqubes_rnd4k_q1t1_read 3:read_bandwidth_kb: 5566.00
  • dom0_varlibqubes_rnd4k_q1t1_write 3:write_bandwidth_kb: 3308.00
  • fedora-41-xfce_root_seq1m_q8t1_read 3:read_bandwidth_kb: 398849.00
  • fedora-41-xfce_root_seq1m_q8t1_write 3:write_bandwidth_kb: 103187.00
  • fedora-41-xfce_root_seq1m_q1t1_read 3:read_bandwidth_kb: 358487.00
  • fedora-41-xfce_root_seq1m_q1t1_write 3:write_bandwidth_kb: 36090.00
  • fedora-41-xfce_root_rnd4k_q32t1_read 3:read_bandwidth_kb: 87805.00
  • fedora-41-xfce_root_rnd4k_q32t1_write 3:write_bandwidth_kb: 3144.00
  • fedora-41-xfce_root_rnd4k_q1t1_read 3:read_bandwidth_kb: 8520.00
  • fedora-41-xfce_root_rnd4k_q1t1_write 3:write_bandwidth_kb: 1434.00
  • fedora-41-xfce_private_seq1m_q8t1_read 3:read_bandwidth_kb: 385081.00
  • fedora-41-xfce_private_seq1m_q8t1_write 3:write_bandwidth_kb: 116220.00
  • fedora-41-xfce_private_seq1m_q1t1_read 3:read_bandwidth_kb: 339125.00
  • fedora-41-xfce_private_seq1m_q1t1_write 3:write_bandwidth_kb: 50474.00
  • fedora-41-xfce_private_rnd4k_q32t1_read 3:read_bandwidth_kb: 94021.00
  • fedora-41-xfce_private_rnd4k_q32t1_write 3:write_bandwidth_kb: 1459.00
  • fedora-41-xfce_private_rnd4k_q1t1_read 3:read_bandwidth_kb: 8882.00
  • fedora-41-xfce_private_rnd4k_q1t1_write 3:write_bandwidth_kb: 892.00
  • fedora-41-xfce_volatile_seq1m_q8t1_read 3:read_bandwidth_kb: 420439.00
  • fedora-41-xfce_volatile_seq1m_q8t1_write 3:write_bandwidth_kb: 235953.00
  • fedora-41-xfce_volatile_seq1m_q1t1_read 3:read_bandwidth_kb: 346407.00
  • fedora-41-xfce_volatile_seq1m_q1t1_write 3:write_bandwidth_kb: 96306.00
  • fedora-41-xfce_volatile_rnd4k_q32t1_read 3:read_bandwidth_kb: 87623.00
  • fedora-41-xfce_volatile_rnd4k_q32t1_write 3:write_bandwidth_kb: 5369.00
  • fedora-41-xfce_volatile_rnd4k_q1t1_read 3:read_bandwidth_kb: 8541.00
  • fedora-41-xfce_volatile_rnd4k_q1t1_write 3:write_bandwidth_kb: 1908.00

This was referenced Jan 11, 2025
Merged
Merged
Merged
Merged
@marmarek
Copy link
Member

marmarek commented Jan 11, 2025

system_tests_qrexec

* TC_00_Qrexec_debian-12-xfce: [test_053_qrexec_vm_service_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_debian-12-xfce/4) (failure)
  `AssertionError: Timeout, probably EOF wasn't transferred`

* TC_00_Qrexec_debian-12-xfce: [test_092_qrexec_service_socket_dom0_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_debian-12-xfce/18) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred fr...`

* TC_00_Qrexec_debian-12-xfce: [test_098_qrexec_service_socket_vm_eof](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_debian-12-xfce/23) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred to...`

* TC_00_Qrexec_fedora-41-xfce: [test_053_qrexec_vm_service_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_fedora-41-xfce/4) (failure)
  `AssertionError: Timeout, probably EOF wasn't transferred`

* TC_00_Qrexec_fedora-41-xfce: [test_092_qrexec_service_socket_dom0_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_fedora-41-xfce/18) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred fr...`

* TC_00_Qrexec_fedora-41-xfce: [test_098_qrexec_service_socket_vm_eof](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_fedora-41-xfce/23) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred to...`

* TC_00_Qrexec_whonix-gateway-17: [test_053_qrexec_vm_service_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-gateway-17/4) (failure)
  `AssertionError: Timeout, probably EOF wasn't transferred`

* TC_00_Qrexec_whonix-gateway-17: [test_083_qrexec_service_argument_specific_implementation](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-gateway-17/14) (error)
  `subprocess.CalledProcessError: Command '/usr/lib/qubes/qrexec-clien...`

* TC_00_Qrexec_whonix-gateway-17: [test_092_qrexec_service_socket_dom0_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-gateway-17/18) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred fr...`

* TC_00_Qrexec_whonix-gateway-17: [test_098_qrexec_service_socket_vm_eof](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-gateway-17/23) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred to...`

* TC_00_Qrexec_whonix-workstation-17: [test_053_qrexec_vm_service_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-workstation-17/4) (failure)
  `AssertionError: Timeout, probably EOF wasn't transferred`

* TC_00_Qrexec_whonix-workstation-17: [test_092_qrexec_service_socket_dom0_eof_reverse](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-workstation-17/18) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred fr...`

* TC_00_Qrexec_whonix-workstation-17: [test_098_qrexec_service_socket_vm_eof](https://openqa.qubes-os.org/tests/125357#step/TC_00_Qrexec_whonix-workstation-17/23) (failure)
  `AssertionError: service timeout, probably EOF wasn't transferred to...`

This is the only qrexec PR in this test run, so the above failures seems to be regression caused by this change.

marmarek
marmarek reviewed Jan 12, 2025
View reviewed changes
libqrexec/libqrexec-utils.h Outdated
void buffer_remove(struct buffer *b, int len);
int buffer_len(struct buffer *b);
void *buffer_data(struct buffer *b);
/* Open /dev/null and keep it from being closed before the exec func is called.
Copy link
Member

@marmarek marmarek Jan 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Isn't it simpler (and safer) to simply open /dev/null just before dup-ing it over 0,1,2 (in the child process already)?

Copy link
Contributor Author

@DemiMarie DemiMarie Jan 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It’s definitely simpler, but I didn’t want the extra call to open(). That said, giving each child process the same open file description is less than great, as it introduces shared state that should not be there. I don’t know if /dev/null has any such state, but still it isn’t great, so I went ahead and switched to your approach.

@marmarek
Copy link
Member

marmarek commented Jan 12, 2025

But also, I question usefulness of this PR as a whole - the closing of standard FDs happens in a process that has a single purpose - wait for the child process and then exit, in the very same function as closing happens. There are few PAM cleanup calls, but it's very unlikely for them to be a problem (especially, it isn't a problem now, or for the last 10 or so years).

@DemiMarie
Copy link
Contributor Author

DemiMarie commented Jan 12, 2025

Whether or not the last commit in the PR is merged, I definitely think the other commits should be merged. In particular, it turned out that the “close the FD” functionality had no unit tests because the unit tests took a codepath that was too different from the production code. This PR makes the production and test code follow the same path, with the result that the actual bug (/dev/null FD being closed by fix_fds()) is now caught. I think that this test improvement (and the other bug fixes) is itself useful.

There are few PAM cleanup calls, but it's very unlikely for them to be a problem (especially, it isn't a problem now, or for the last 10 or so years).

PAM cleanup calls into PAM modules, so it can do anything. I suspect Qubes OS only gets away with it because we have a fairly simple PAM stack by default. PAM cleanup is used for e.g. unmounting filesystems and closing encrypted volumes.

The best approach would be for PAM to run with stdin pointed at /dev/null and stdout and stderr pointed at the system log. The FDs would be fixed directly before executing the child process. That’s a bigger refactor, though.

@marmarek
Copy link
Member

marmarek commented Jan 12, 2025
edited
Loading

Whether or not the last commit in the PR is merged,

Indeed I was talking about the last commit (which until the last force-push was the only commit in this PR).

PAM cleanup calls into PAM modules, so it can do anything. I suspect Qubes OS only gets away with it because we have a fairly simple PAM stack by default.

Aren't PAM modules expected handle proper logging themselves? I don't think they are supposed to touch calling process's stdin/out/err in any case. And if they would do, that likely would interfere also with cases where they aren't closed (and then replaced with with unrelated thing) - for example it could interfere with an application log file on stderr that is expected in a specific format (different than PAM messages).

@marmarek
Copy link
Member

marmarek commented Jan 12, 2025

As for the other commits, won't that have some non-trivial conflicts with #141 (which I hope is quite close to merge-able state)?

@DemiMarie
Copy link
Contributor Author

DemiMarie commented Jan 12, 2025

As for the other commits, won't that have some non-trivial conflicts with #141 (which I hope is quite close to merge-able state)?

I can include them in #141 or rebase this PR on top of it. I can also close this PR if you prefer, but I’d prefer that at least the bug fixes and testability changes go in.

This was referenced Jan 17, 2025
Merged
Merged
Merged
This was referenced Jan 18, 2025
Merged
Merged
Merged
This was referenced Feb 16, 2025
Merged
Merged
Merged
Merged
Merged
Merged
@marmarek
Copy link
Member

marmarek commented Feb 16, 2025

Recent run with db5faa9 has only one failure (1 failed out of 4 times this test was run)

I tried to get more logs, but it isn't very interesting:

2025-02-16 07:58:16.551 qrexec-fork-server[1054]: qrexec-agent-data.c:274:handle_new_process_common: executed: QUBESRPC test.Argument+argument test-inst-vm1 (pid 1056)
2025-02-16 07:58:16.553 qrexec-fork-server[1054]: qrexec-agent-data.c:309:handle_new_process_common: pid 1056 exited with 125

I don't see actual reason for the failure here...

@qubesos-bot qubesos-bot mentioned this pull request Feb 17, 2025
Merged
@DemiMarie
Fix checking for memory allocation errors
b90eb2c 
These should never happen, but call exit() if they do.  Also avoid
freeing an uninitialized PAM handle in such an error case.

I do not consider this a security vulnerability because there is no
reasonable way I know of for an attacker to trigger this failure, but
this commit should still be backported.
@DemiMarie
Set PAM error if snprintf() fails
d5f8392
@DemiMarie
Get effective UID at startup
f3e8f2e 
Saves an (admittedly cheap) system call.
@DemiMarie
Move waiting on the child to a helper function
36fdd4f 
No functional change intended.
@DemiMarie
agent: Move exec to helper function
bf28044 
This will be used by tests later.

No functional change intended.
@DemiMarie
Move closing fds to helper function
0c7bde9 
This will be used by tests later.  No functional change intended.
@DemiMarie
Move basename handling to common function
302ac5b 
This also fixes a bug: basename can mutate its argument, so a copy must
be passed to it.
@DemiMarie
Use fork()/exec() in unit test code
a5596b8 
This makes the unit test code more like the actual code used by
end-users, and therefore makes the tests more accurate.

This trips a bug in the code which will be fixed later, requiring a test
to be changed to compensate.
@DemiMarie
Do not close FDs 0, 1, or 2
ae2281c 
If they are closed, another file descriptor could be created with these
numbers, and so standard library functions that use them might write to
an unwanted place.  dup2() a file descriptor to /dev/null over them
instead.

Also statically initialize trigger_fd to -1, which is the conventional
value for an invalid file descriptor.

This requires care to avoid closing the file descriptor to /dev/null in
fix_fds(), which took over an hour to debug.
This was referenced Feb 21, 2025
Merged
Merged
Merged
Merged
Merged
@marmarek marmarek mentioned this pull request Feb 23, 2025
Closed
@marmarek
Copy link
Member

marmarek commented Sep 20, 2025

This PR (currently) introduces a regression, and since it isn't very useful anyway (#186 (comment)) and Demi left the team, lets abandon it instead of handing it to somebody else.

@marmarek marmarek closed this Sep 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@marmarek marmarek Awaiting requested review from marmarek

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@DemiMarie @marmarek @qubesos-bot