process-util: make safe_fork() unset $NOTIFY_SOCKET

Propagating $NOTIFY_SOCKET is typically dangerous. Let's unset it unless explicitly requested to keep it. Fixes #27288. Replaces #27291.
2024-07-09 04:26:06 +00:00 · 2023-04-17 02:09:38 +09:00 · 2023-04-17 02:09:38 +09:00 · 2cd04086ee
commit 2cd04086ee
parent 4518126807
5 changed files with 9 additions and 4 deletions
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@ -1365,6 +1365,14 @@ int safe_fork_full(
                }
        }

+        if (!FLAGS_SET(flags, FORK_KEEP_NOTIFY_SOCKET)) {
+                r = RET_NERRNO(unsetenv("NOTIFY_SOCKET"));
+                if (r < 0) {
+                        log_full_errno(prio, r, "Failed to unset $NOTIFY_SOCKET: %m");
+                        _exit(EXIT_FAILURE);
+                }
+        }
+
        if (ret_pid)
                *ret_pid = getpid_cached();

--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@ -156,6 +156,7 @@ typedef enum ForkFlags {
        FORK_FLUSH_STDIO        = 1 << 13, /* fflush() stdout (and stderr) before forking */
        FORK_NEW_USERNS         = 1 << 14, /* Run child in its own user namespace */
        FORK_CLOEXEC_OFF        = 1 << 15, /* In the child: turn off O_CLOEXEC on all fds in except_fds[] */
+        FORK_KEEP_NOTIFY_SOCKET = 1 << 16, /* Unless this specified, $NOTIFY_SOCKET will be unset. */
 } ForkFlags;

 int safe_fork_full(
--- a/src/sysupdate/sysupdate-resource.c
+++ b/src/sysupdate/sysupdate-resource.c
@ -284,7 +284,6 @@ static int download_manifest(
                        NULL
                };

-                (void) unsetenv("NOTIFY_SOCKET");
                execv(pull_binary_path(), (char *const*) cmdline);
                log_error_errno(errno, "Failed to execute %s tool: %m", pull_binary_path());
                _exit(EXIT_FAILURE);
--- a/src/sysupdate/sysupdate-transfer.c
+++ b/src/sysupdate/sysupdate-transfer.c
@ -793,7 +793,6 @@ static int run_helper(
        if (r == 0) {
                /* Child */

-                (void) unsetenv("NOTIFY_SOCKET");
                execv(path, (char *const*) cmdline);
                log_error_errno(errno, "Failed to execute %s tool: %m", path);
                _exit(EXIT_FAILURE);
--- a/src/udev/udevd.c
+++ b/src/udev/udevd.c
@ -706,8 +706,6 @@ static int worker_main(Manager *_manager, sd_device_monitor *monitor, sd_device
        assert(monitor);
        assert(dev);

-        assert_se(unsetenv("NOTIFY_SOCKET") == 0);
-
        assert_se(sigprocmask_many(SIG_BLOCK, NULL, SIGTERM, -1) >= 0);

        /* Reset OOM score, we only protect the main daemon. */