From fb92c67d9d7501efaacad983c2736d3b0ef0cc7c Mon Sep 17 00:00:00 2001
From: Dmitry Vyukov
Date: Fri, 20 Nov 2015 15:39:50 +0100
Subject: executor: prevent programs to mess with fuzzer fds
---
executor/executor.cc | 8 ++++++++
1 file changed, 8 insertions(+)
(limited to 'executor')
diff --git a/executor/executor.cc b/executor/executor.cc
index 7f0e82ba9..db7f88024 100644
--- a/executor/executor.cc
+++ b/executor/executor.cc
@@ -125,6 +125,12 @@ int main()
 fail("mmap of input file failed");
 if (mmap(&output_data[0], kMaxOutput, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_FIXED, kOutFd, 0) != &output_data[0])
 fail("mmap of output file failed");
+ // Prevent random programs to mess with these fds.
+ // Due to races in collider mode, a program can e.g. ftruncate one of these fds,
+ // which will cause fuzzer to crash.
+ // That's also the reason why we close kInPipeFd/kOutPipeFd below.
+ close(kInFd);
+ close(kOutFd);
 char cwdbuf[64 << 10];
 char* cwd = getcwd(cwdbuf, sizeof(cwdbuf));
@@ -161,6 +167,8 @@ int main()
 if (pid == 0) {
 setpgid(0, 0);
 unshare(CLONE_NEWNS);
+ close(kInPipeFd);
+ close(kOutPipeFd);
 if (flag_drop_privs) {
 // Pre-create one thread with root privileges for execution of special syscalls (e.g. mount).
 if (flag_threaded)
-- 
cgit mrf-deployment
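Review bot: The comment added before `close(kInFd)` / `close(kOutFd)` reads as if the closes fully isolate the fuzzer's files, but they only remove fd-based interference such as the ftruncate it mentions; the output region mapped just above with `PROT_WRITE` and `MAP_SHARED` stays mapped and, presumably, is inherited by the process that runs the program, so it can still be overwritten or unmapped by address. I would add one line to the comment so the limit of the protection is explicit: `// Note: this only removes fd-based access; the mappings themselves stay reachable by address.` It is also worth confirming that nothing later in main() still refers to kInFd or kOutFd, because those numbers can now be handed out to unrelated files; main() continues outside the hunk, so this cannot be checked from here.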
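Review bot: The two closes added in the `pid == 0` branch carry no comment at the call site; the reason is given only in the comment block of the first hunk, some forty lines earlier. A one-line comment here would keep the intent next to the code: `// The child runs fuzzed programs and must not hold the control pipes (see the kInFd/kOutFd comment above).` Both `close()` results are ignored, which is probably harmless for descriptors known to be open, but the visible setup code reports failures through `fail()`, so a checked form would be consistent, e.g. `if (close(kInPipeFd)) fail("close of input pipe failed");`. The `if (pid == 0)` block continues past the end of the hunk, so whether later child code still uses either pipe cannot be confirmed from here.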