| author | Dmitry Vyukov <dvyukov@google.com> | 2015-11-20 15:39:50 +0100 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2015-11-20 15:39:50 +0100 |
| commit | fb92c67d9d7501efaacad983c2736d3b0ef0cc7c (patch) | |
| tree | ea1a811548500d2e3f37a632b3179255442451ca /executor/executor.cc | |
| parent | 6c48b5b4efc91533658dababa47587689b4a6ae1 (diff) | |
executor: prevent programs to mess with fuzzer fds
Diffstat (limited to 'executor/executor.cc')
| -rw-r--r-- | executor/executor.cc | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/executor/executor.cc b/executor/executor.cc
index 7f0e82ba9..db7f88024 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -125,6 +125,12 @@ int main()
 fail("mmap of input file failed");
 if (mmap(&output_data[0], kMaxOutput, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, kOutFd, 0) != &output_data[0])
 fail("mmap of output file failed");
+ // Prevent random programs to mess with these fds.
+ // Due to races in collider mode, a program can e.g. ftruncate one of these fds,
+ // which will cause fuzzer to crash.
+ // That's also the reason why we close kInPipeFd/kOutPipeFd below.
+ close(kInFd);
+ close(kOutFd);
 char cwdbuf[64 << 10];
 char* cwd = getcwd(cwdbuf, sizeof(cwdbuf));
@@ -161,6 +167,8 @@ int main()
 if (pid == 0) {
 setpgid(0, 0);
 unshare(CLONE_NEWNS);
+ close(kInPipeFd);
+ close(kOutPipeFd);
 if (flag_drop_privs) {
 // Pre-create one thread with root privileges for execution of special syscalls (e.g. mount).
 if (flag_threaded) |
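Review bot: The new comment above `close(kInFd); close(kOutFd);` overstates the protection, because closing the descriptors only stops fd-based tampering such as the ftruncate case it names. The output mapping is still `PROT_READ | PROT_WRITE` and `MAP_SHARED`, so a program running in this address space can presumably still write to or unmap that region. I would add `// The mappings stay valid after close(); this only blocks fd-based tampering, not writes to the mapped memory.` Once closed, these fd numbers can be handed to files the test program opens, so confirm that nothing later in main() refers to kInFd/kOutFd by number. main() starts and ends outside the hunk.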
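Review bot: The two closes in the `pid == 0` branch have no comment of their own; the only explanation is the word "below" in the first hunk, roughly forty lines earlier. Add `// Keep the control pipes away from fuzzed programs; see the comment at the mmap calls above.` directly above `close(kInPipeFd);`. The return values of both `close()` calls are ignored; that is probably fine for a best-effort hardening step, but a failed close leaves the pipe reachable, so a `fail()` on error would match how the mmap calls are handled. Whether any code on the child path still expects to report through kOutPipeFd is not visible here and should be confirmed. The `if (pid == 0)` block continues outside the hunk.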
