[netcf-devel] [PATCH] Set FD_CLOEXEC on netlink's file descriptor.

Laine Stump
Wed, 17 Mar 2010 22:21:49 -0700

This protects against an application that uses netcf and may exec a
program without explicitly closing all open file descriptors in the
child process.
---
 src/dutil.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/dutil.c b/src/dutil.c
index dbb43ef..2a6eaa0 100644
--- a/src/dutil.c
+++ b/src/dutil.c
@@ -519,6 +519,9 @@ int netlink_init(struct netcf *ncf) {
     }
     nl_cache_mngt_provide(ncf->driver->addr_cache);
 
+    int netlink_fd = nl_socket_get_fd(ncf->driver->nl_sock);
+    if (netlink_fd >= 0)
+        fcntl(netlink_fd, F_SETFD, FD_CLOEXEC);
     return 0;
 
 error:
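Review bot: The fcntl() result is ignored and FD_CLOEXEC is passed to F_SETFD on its own, at the end of netlink_init just before "return 0". If the call fails, the descriptor stays inheritable across exec and nothing reports it, which defeats the purpose stated in the commit message. Suggest reading the current flags with F_GETFD, OR-ing in FD_CLOEXEC, and treating a -1 from either call as a failure (log it, or "goto error" if leaking the netlink socket to a child is considered unacceptable). Two smaller points: "int netlink_fd" is declared after statements in the block, so move it to the top of the function if the file otherwise keeps declarations first; and the diffstat shows only these three insertions, so please confirm that src/dutil.c already includes <fcntl.h>. Also note that the flag is set only after the socket already exists, so in a multi-threaded caller a fork and exec on another thread before this point can still inherit the descriptor; that is worth a comment here.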
-- 
1.6.6.1

_______________________________________________
netcf-devel mailing list
netcf-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/netcf-devel