Do not inherit open FDs to SSH child process by overwriting and closing

clue · clue · commit 52d1386d4f83 · 2019-01-19T16:31:51.000+01:00
This fixes a possible race condition where open FDs where in fact inherited to the wrapping shell before it had a chance to close them again when it is being replaced with the actual SSH binary. This builds on top of reactphp/child-process#65
diff --git a/composer.json b/composer.json
@@ -17,7 +17,7 @@
     "require": {
         "php": ">=5.3",
         "clue/socks-react": "^1.0",
-        "react/child-process": "^0.5",
+        "react/child-process": "^0.6",
         "react/event-loop": "^1.0 || ^0.5",
         "react/promise": "^2.1 || ^1.2.1",
         "react/socket": "^1.1",
diff --git a/src/Io/functions.php b/src/Io/functions.php
@@ -42,12 +42,21 @@ function fds($path = '/dev/fd')
  */
 function processWithoutFds($command)
 {
+    // launch process with default STDIO pipes
+    $pipes = array(
+        array('pipe', 'r'),
+        array('pipe', 'w'),
+        array('pipe', 'w')
+    );
+
     // try to get list of all open FDs
     $fds = fds();
 
-    // do not inherit open FDs by explicitly closing all of them
+    // do not inherit open FDs by explicitly overwriting existing FDs with dummy files
+    // additionally, close all dummy files in the child process again
     foreach ($fds as $fd) {
         if ($fd > 2) {
+            $pipes[$fd] = array('file', '/dev/null', 'r');
             $command .= ' ' . $fd . '>&-';
         }
     }
@@ -57,5 +66,5 @@ function processWithoutFds($command)
         $command = 'exec bash -c ' . escapeshellarg($command);
     }
 
-    return new Process($command);
+    return new Process($command, null, null, $pipes);
 }
diff --git a/tests/FunctionalSshProcessConnectorTest.php b/tests/FunctionalSshProcessConnectorTest.php
@@ -69,7 +69,7 @@ public function testConnectValidTargetWillReturnPromiseWhichResolvesToConnection
         $connection->close();
     }
 
-    public function testConnectValidTargetWillNotInheritActiveFileDescriptors()
+    public function testConnectPendingWillNotInheritActiveFileDescriptors()
     {
         $server = stream_socket_server('tcp://127.0.0.1:0');
         $address = stream_socket_get_name($server, false);
@@ -83,17 +83,15 @@ public function testConnectValidTargetWillNotInheritActiveFileDescriptors()
             $this->markTestSkipped('Platform does not prevent binding to same address (Windows?)');
         }
 
-        // wait for successful connection
         $promise = $this->connector->connect('example.com:80');
-        $connection = \Clue\React\Block\await($promise, $this->loop, self::TIMEOUT);
 
         // close server and ensure we can start a new server on the previous address
-        // the open SSH connection process should not inherit the existing server socket
+        // the pending SSH connection process should not inherit the existing server socket
         fclose($server);
         $server = stream_socket_server('tcp://' . $address);
         $this->assertTrue(is_resource($server));
-
         fclose($server);
-        $connection->close();
+
+        $promise->cancel();
     }
 }
diff --git a/tests/FunctionalSshSocksConnectorTest.php b/tests/FunctionalSshSocksConnectorTest.php
@@ -89,7 +89,7 @@ public function testConnectValidTargetWillReturnPromiseWhichResolvesToConnection
         $connection->close();
     }
 
-    public function testConnectValidTargetWillNotInheritActiveFileDescriptors()
+    public function testConnectPendingWillNotInheritActiveFileDescriptors()
     {
         $server = stream_socket_server('tcp://127.0.0.1:0');
         $address = stream_socket_get_name($server, false);
@@ -103,17 +103,15 @@ public function testConnectValidTargetWillNotInheritActiveFileDescriptors()
             $this->markTestSkipped('Platform does not prevent binding to same address (Windows?)');
         }
 
-        // wait for successful connection
         $promise = $this->connector->connect('example.com:80');
-        $connection = \Clue\React\Block\await($promise, $this->loop, self::TIMEOUT);
 
         // close server and ensure we can start a new server on the previous address
-        // the open SSH connection process should not inherit the existing server socket
+        // the pending SSH connection process should not inherit the existing server socket
         fclose($server);
         $server = stream_socket_server('tcp://' . $address);
         $this->assertTrue(is_resource($server));
-
         fclose($server);
-        $connection->close();
+
+        $promise->cancel();
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -42,12 +42,21 @@ function fds($path = '/dev/fd')`
`42`	`42`	`*/`
`43`	`43`	`function processWithoutFds($command)`
`44`	`44`	`{`
	`45`	`+ // launch process with default STDIO pipes`
	`46`	`+ $pipes = array(`
	`47`	`+ array('pipe', 'r'),`
	`48`	`+ array('pipe', 'w'),`
	`49`	`+ array('pipe', 'w')`
	`50`	`+ );`
	`51`	`+`
`45`	`52`	`// try to get list of all open FDs`
`46`	`53`	`$fds = fds();`
`47`	`54`
`48`		`- // do not inherit open FDs by explicitly closing all of them`
	`55`	`+ // do not inherit open FDs by explicitly overwriting existing FDs with dummy files`
	`56`	`+ // additionally, close all dummy files in the child process again`
`49`	`57`	`foreach ($fds as $fd) {`
`50`	`58`	`if ($fd > 2) {`
	`59`	`+ $pipes[$fd] = array('file', '/dev/null', 'r');`
`51`	`60`	`$command .= ' ' . $fd . '>&-';`
`52`	`61`	`}`
`53`	`62`	`}`
`@@ -57,5 +66,5 @@ function processWithoutFds($command)`
`57`	`66`	`$command = 'exec bash -c ' . escapeshellarg($command);`
`58`	`67`	`}`
`59`	`68`
`60`		`- return new Process($command);`
	`69`	`+ return new Process($command, null, null, $pipes);`
`61`	`70`	`}`
Original file line number	Diff line number	Diff line change
`@@ -69,7 +69,7 @@ public function testConnectValidTargetWillReturnPromiseWhichResolvesToConnection`
`69`	`69`	`$connection->close();`
`70`	`70`	`}`
`71`	`71`
`72`		`- public function testConnectValidTargetWillNotInheritActiveFileDescriptors()`
	`72`	`+ public function testConnectPendingWillNotInheritActiveFileDescriptors()`
`73`	`73`	`{`
`74`	`74`	`$server = stream_socket_server('tcp://127.0.0.1:0');`
`75`	`75`	`$address = stream_socket_get_name($server, false);`
`@@ -83,17 +83,15 @@ public function testConnectValidTargetWillNotInheritActiveFileDescriptors()`
`83`	`83`	`$this->markTestSkipped('Platform does not prevent binding to same address (Windows?)');`
`84`	`84`	`}`
`85`	`85`
`86`		`- // wait for successful connection`
`87`	`86`	`$promise = $this->connector->connect('example.com:80');`
`88`		`- $connection = \Clue\React\Block\await($promise, $this->loop, self::TIMEOUT);`
`89`	`87`
`90`	`88`	`// close server and ensure we can start a new server on the previous address`
`91`		`- // the open SSH connection process should not inherit the existing server socket`
	`89`	`+ // the pending SSH connection process should not inherit the existing server socket`
`92`	`90`	`fclose($server);`
`93`	`91`	`$server = stream_socket_server('tcp://' . $address);`
`94`	`92`	`$this->assertTrue(is_resource($server));`
`95`		`-`
`96`	`93`	`fclose($server);`
`97`		`- $connection->close();`
	`94`	`+`
	`95`	`+ $promise->cancel();`
`98`	`96`	`}`
`99`	`97`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public function testConnectValidTargetWillReturnPromiseWhichResolvesToConnection`
`89`	`89`	`$connection->close();`
`90`	`90`	`}`
`91`	`91`
`92`		`- public function testConnectValidTargetWillNotInheritActiveFileDescriptors()`
	`92`	`+ public function testConnectPendingWillNotInheritActiveFileDescriptors()`
`93`	`93`	`{`
`94`	`94`	`$server = stream_socket_server('tcp://127.0.0.1:0');`
`95`	`95`	`$address = stream_socket_get_name($server, false);`
`@@ -103,17 +103,15 @@ public function testConnectValidTargetWillNotInheritActiveFileDescriptors()`
`103`	`103`	`$this->markTestSkipped('Platform does not prevent binding to same address (Windows?)');`
`104`	`104`	`}`
`105`	`105`
`106`		`- // wait for successful connection`
`107`	`106`	`$promise = $this->connector->connect('example.com:80');`
`108`		`- $connection = \Clue\React\Block\await($promise, $this->loop, self::TIMEOUT);`
`109`	`107`
`110`	`108`	`// close server and ensure we can start a new server on the previous address`
`111`		`- // the open SSH connection process should not inherit the existing server socket`
	`109`	`+ // the pending SSH connection process should not inherit the existing server socket`
`112`	`110`	`fclose($server);`
`113`	`111`	`$server = stream_socket_server('tcp://' . $address);`
`114`	`112`	`$this->assertTrue(is_resource($server));`
`115`		`-`
`116`	`113`	`fclose($server);`
`117`		`- $connection->close();`
	`114`	`+`
	`115`	`+ $promise->cancel();`
`118`	`116`	`}`
`119`	`117`	`}`