On Mon, 18 Dec 2006 14:20, [EMAIL PROTECTED] said:
> The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
> two file handles (fd_random and fd_urandom) which are never closed.
> Since it does not apply the FD_CLOEXEC flag, all subprocesses will
> inherit these two handles without ever using them.
In general all file descriptors should be closed explicitly right
before an exec. Thus it is more of an application error. I'll fix it
anyway.
The supplied patch is not correct as it does not preserve otehr file
flags. The correct pacth is:
--- cipher/rndlinux.c (revision 1174)
+++ cipher/rndlinux.c (working copy)
@@ -42,6 +42,19 @@
int requester,
size_t length, int level );
+static int
+set_cloexec_flag (int fd)
+{
+ int oldflags;
+
+ oldflags= fcntl (fd, F_GETFD, 0);
+ if (oldflags < 0)
+ return oldflags;
+ oldflags |= FD_CLOEXEC;
+ return fcntl (fd, F_SETFD, oldflags);
+}
+
+
/*
* Used to open the /dev/random devices (Linux, xBSD, Solaris (if it exists)).
*/
@@ -54,6 +67,10 @@
if( fd == -1 )
log_fatal ("can't open %s: %s\n", name, strerror(errno) );
+ if (set_cloexec_flag (fd))
+ log_error ("error setting FD_CLOEXEC on fd %d: %s\n",
+ fd, strerror (errno));
+
/* We used to do the follwing check, however it turned out that this
is not portable since more OSes provide a random device which is
sometimes implemented as anoteher device type.
Shalom-Salam,
Werner
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
