1515 * along with cSploit. If not, see <http://www.gnu.org/licenses/>.
1616 */
1717
18+ #define _GNU_SOURCE
19+
1820#include <stdio.h>
1921#include <errno.h>
2022#include <unistd.h>
2123#include <stdlib.h>
2224#include <sys/types.h>
2325#include <sys/wait.h>
24-
25- /* WARNING: this check works if you DO NOT USE threads
26- * when using threads fork(2) become clone(2),
27- * which is not restricted.
28- * if you use threads within this project
29- * check the execve(2) syscall insted of fork(2).
30- */
26+ #include <fcntl.h>
3127
3228void issue1 () {
3329 pid_t pid ;
30+ char * argv [] = { "date" , NULL };
31+ int exec_errno , i ;
32+ int pexec [2 ];
33+
34+ pexec [0 ] = pexec [1 ] = -1 ;
35+
36+ if (pipe2 (pexec , O_CLOEXEC )) {
37+ fprintf (stderr , "%s: pipe2: %s\n" , __func__ , strerror (errno ));
38+ goto unsure ;
39+ }
3440
3541 pid = fork ();
3642
3743 if (pid == -1 ) {
3844 if (errno == EACCES ) {
3945 goto yes ;
4046 } else {
47+ fprintf (stderr , "%s: fork: %s\n" , __func__ , strerror (errno ));
4148 goto unsure ;
4249 }
4350 } else if (!pid ) {
4451 // child
45- exit (0 );
52+ close (pexec [0 ]);
53+
54+ execvp ("date" , argv );
55+
56+ exec_errno = errno ;
57+
58+ write (pexec [1 ], & exec_errno , sizeof (int ));
59+ close (pexec [1 ]);
60+ exit (1 );
4661 }
4762
63+ close (pexec [1 ]);
64+
4865 waitpid (pid , NULL , 0 );
4966
50- return ;
67+ i = read (pexec [0 ], & exec_errno , sizeof (int ));
68+
69+ if ( i < 0 ) {
70+ fprintf (stderr , "%s: read: %s\n" , __func__ , strerror (errno ));
71+ goto unsure ;
72+ } else if ( i > 0 ) {
73+ if (exec_errno == EACCES ) {
74+ goto yes ;
75+ } else {
76+ fprintf (stderr , "%s: read: %s\n" , __func__ , strerror (errno ));
77+ goto unsure ;
78+ }
79+ }
80+
81+
82+ goto no ;
5183
5284 unsure :
5385
54- fprintf (stderr , "%s: fork: %s \n" , __func__ , strerror ( errno ) );
86+ fprintf (stderr , "%s: assuming yes \n" , __func__ );
5587
5688 yes :
57-
5889 printf ("1\n" );
5990
91+ no :
92+
93+ close (pexec [0 ]);
94+ close (pexec [1 ]);
95+
6096}
0 commit comments