Author: ghelmer
Date: Tue Jan 10 18:43:27 2012
New Revision: 229936
URL: http://svn.freebsd.org/changeset/base/229936
Log:
Set the FD_CLOEXEC flag on the open pidfile file descriptor.
Discussed with: pjd, des
Modified:
head/lib/libutil/pidfile.c
Modified: head/lib/libutil/pidfile.c
==============================================================================
--- head/lib/libutil/pidfile.c Tue Jan 10 18:20:19 2012 (r229935)
+++ head/lib/libutil/pidfile.c Tue Jan 10 18:43:27 2012 (r229936)
@@ -137,6 +137,20 @@ pidfile_open(const char *path, mode_t mo
free(pfh);
return (NULL);
}
+
+ /*
+ * Prevent the file descriptor from escaping to other
+ * programs via exec(3).
+ */
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+ error = errno;
+ unlink(pfh->pf_path);
+ close(fd);
+ free(pfh);
+ errno = error;
+ return (NULL);
+ }
+
/*
* Remember file information, so in pidfile_write() we are sure we write
* to the proper descriptor.
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
