pam_modutil_sanitize_helper_fds: fix SIGPIPE effect of PAM_MODUTIL_PIPE_FD

When pam_modutil_sanitize_helper_fds() is invoked with
PAM_MODUTIL_PIPE_FD to provide a dummy pipe descriptor for stdout
or stderr, it closes the read end of the newly created dummy pipe.
The negative side effect of this approach is that any write to such
descriptor triggers a SIGPIPE.  Avoid this by closing the write end of
the dummy pipe and using its read end as a dummy pipe descriptor for
output.  Any read from such descriptor returns 0, and any write just
fails with EBADF, which should work better with unprepared writers.

* libpam/pam_modutil_sanitize.c (redirect_out_pipe): Remove.
(redirect_out): Call redirect_in_pipe instead of redirect_out_pipe.

Fixes: b0ec5d1e ("Introduce pam_modutil_sanitize_helper_fds")

1 files changed, 1 insertions, 29 deletions

diff --git a/libpam/pam_modutil_sanitize.c b/libpam/pam_modutil_sanitize.c
index 605c859d..58b9537c 100644
--- a/libpam/pam_modutil_sanitize.c
+++ b/libpam/pam_modutil_sanitize.c
@@ -47,34 +47,6 @@ redirect_in_pipe(pam_handle_t *pamh, int fd, const char *name)
 }
 
 /*
- * Creates a pipe, closes its read end, redirects fd to its write end.
- * Returns fd on success, -1 otherwise.
- */
-static int
-redirect_out_pipe(pam_handle_t *pamh, int fd, const char *name)
-{
-	int out[2];
-
-	if (pipe(out) < 0) {
-		pam_syslog(pamh, LOG_ERR, "Could not create pipe: %m");
-		return -1;
-	}
-
-	close(out[0]);
-
-	if (out[1] == fd)
-		return fd;
-
-	if (dup2(out[1], fd) != fd) {
-		pam_syslog(pamh, LOG_ERR, "dup2 of %s failed: %m", name);
-		fd = -1;
-	}
-
-	close(out[1]);
-	return fd;
-}
-
-/*
  * Opens /dev/null for writing, redirects fd there.
  * Returns fd on success, -1 otherwise.
  */
@@ -106,7 +78,7 @@ redirect_out(pam_handle_t *pamh, enum pam_modutil_redirect_fd mode,
 {
 	switch (mode) {
 		case PAM_MODUTIL_PIPE_FD:
-			if (redirect_out_pipe(pamh, fd, name) < 0)
+			if (redirect_in_pipe(pamh, fd, name) < 0)
 				return -1;
 			break;
 		case PAM_MODUTIL_NULL_FD: