{"id":18151230,"url":"https://github.com/msantos/closefrom-rs","last_synced_at":"2025-04-06T23:29:28.026Z","repository":{"id":136621378,"uuid":"466452975","full_name":"msantos/closefrom-rs","owner":"msantos","description":"close(2) a range of file descriptors before exec(2)","archived":false,"fork":false,"pushed_at":"2024-07-21T12:03:51.000Z","size":7,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-13T05:30:10.375Z","etag":null,"topics":["closefrom","exec","fd"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"isc","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/msantos.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-05T12:55:42.000Z","updated_at":"2024-08-22T22:10:56.000Z","dependencies_parsed_at":null,"dependency_job_id":"f56c4bbd-dd74-43a7-93ae-d6aa22b811e5","html_url":"https://github.com/msantos/closefrom-rs","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msantos%2Fclosefrom-rs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msantos%2Fclosefrom-rs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msantos%2Fclosefrom-rs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/msantos%2Fclosefrom-rs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/msantos","download_url":"https://codeload.github.com/msantos/closefrom-rs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247568824,"owners_count":20959753,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["closefrom","exec","fd"],"created_at":"2024-11-02T01:07:01.718Z","updated_at":"2025-04-06T23:29:27.986Z","avatar_url":"https://github.com/msantos.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SYNOPSIS\n\nclosefrom *fd* *cmd* *arg* *...*\n\n# DESCRIPTION\n\nclosefrom - close(2) a range of file descriptors before exec(2)\n\n`closefrom` closes all file descriptors numbered fd and higher before\nexecuting a program.\n\n`exec(2)`ing a file can unintentionally leak file descriptors to\nthe new process image. These file descriptors may provide unexpected\n[capabilities](https://www.freebsd.org/cgi/man.cgi?capsicum(4)) to\nthe process.\n\n`closefrom` is run as a part of an exec chain, closing many descriptors\nsimilar to the [closefrom(2)](https://man.openbsd.org/closefrom) system\ncall, before executing the target process.\n\n# EXAMPLES\n\n## [ucspi-unix](https://github.com/bruceg/ucspi-unix)\n\n`ucspi-unix` is an example of the \"Defer to Kernel\"\nprivilege separation model in [Secure Design\nPatterns](https://resources.sei.cmu.edu/asset_files/TechnicalReport/2009_005_001_15110.pdf).\n\nThe guarantees are broken because `ucspi-unix` [leaks the listening\nsocket](https://github.com/bruceg/ucspi-unix/pull/2) to the application\nsubprocess. The application subprocess can race the server in accepting\nnew connections and bypass unix socket permissions and socket credential\nchecks.\n\n```C\n#include \u003cstdio.h\u003e\n#include \u003cunistd.h\u003e\n\n#include \u003cerr.h\u003e\n\n#include \u003csys/types.h\u003e\n#include \u003csys/socket.h\u003e\n#include \u003csys/un.h\u003e\n\n/* cc -g -Wall -o accept accept.c */\n\nint main(int argc, char *argv[]) {\n  int fd;\n  struct sockaddr_un addr;\n  socklen_t addrlen = sizeof(addr);\n\n  for (;;) {\n    fd = accept(3, (struct sockaddr *)\u0026addr, \u0026addrlen);\n    if (fd \u003c 0) {\n      warn(\"accept\");\n      continue;\n    }\n    (void)write(fd, \"12345678\\n\", 9);\n    (void)close(fd);\n  }\n}\n```\n\n```\n# run unixserver as root\nsudo unixserver -m 077 /tmp/test.sock -- setuidgid nobody ./accept\n\n# connect to the socket\n$ sudo nc -U /tmp/test.sock\n$ sudo nc -U /tmp/test.sock\n$ sudo nc -U /tmp/test.sock\n12345678\n\n# with closefrom\nsudo unixserver -m 077 /tmp/test.sock -- closefrom 3 setuidgid nobody ./accept\naccept: accept: Bad file descriptor\n```\n\n## LXC\n\n## shell\n\nThis example opens and leaks a file descriptor to `cat(1)`:\n\n```shell\n#!/bin/bash\n\nexec 9\u003c/dev/null\nexec $@\n```\n\n```\n$ leakfd ls -al /proc/self/fd\ntotal 0\ndr-x------. 2 msantos msantos  0 Aug 28 09:28 .\ndr-xr-xr-x. 9 msantos msantos  0 Aug 28 09:28 ..\nlrwx------. 1 msantos msantos 64 Aug 28 09:28 0 -\u003e /dev/pts/19\nlrwx------. 1 msantos msantos 64 Aug 28 09:28 1 -\u003e /dev/pts/19\nlrwx------. 1 msantos msantos 64 Aug 28 09:28 2 -\u003e /dev/pts/19\nlr-x------. 1 msantos msantos 64 Aug 28 09:28 3 -\u003e /proc/32048/fd\nlr-x------. 1 msantos msantos 64 Aug 28 09:28 9 -\u003e /dev/null\n\n$ leakfd closefrom 3 ls -al /proc/self/fd\ntotal 0\ndr-x------. 2 msantos msantos  0 Aug 28 09:29 .\ndr-xr-xr-x. 9 msantos msantos  0 Aug 28 09:29 ..\nlrwx------. 1 msantos msantos 64 Aug 28 09:29 0 -\u003e /dev/pts/19\nlrwx------. 1 msantos msantos 64 Aug 28 09:29 1 -\u003e /dev/pts/19\nlrwx------. 1 msantos msantos 64 Aug 28 09:29 2 -\u003e /dev/pts/19\nlr-x------. 1 msantos msantos 64 Aug 28 09:29 3 -\u003e /proc/32058/fd\n```\n\n# OPTIONS\n\nNone.\n\n# BUILDING\n\n```\ncargo build\n```\n\n# ALTERNATIVES\n\n* bash\n\n```shell\n#!/bin/bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOFILE=\"$(ulimit -n)\"\nLOWFD=\"$1\"\nshift\nfor fd in $(seq \"$LOWFD\" \"$NOFILE\"); do\n  eval \"exec $fd\u003e\u0026-\"\ndone\nexec $@\n```\n\n* [fdclose](http://skarnet.org./software/execline/fdclose.html)\n\n* [closefrom](https://github.com/msantos/closefrom)\n\n# SEE ALSO\n\n*close*(2), *closefrom(2)*, *exec(3)*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmsantos%2Fclosefrom-rs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmsantos%2Fclosefrom-rs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmsantos%2Fclosefrom-rs/lists"}