On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst <t...@tedunangst.com> wrote: > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd > database open is a surprising abstraction violation for the caller of > user_from_uid. Now it has a file descriptor it must close before exec by > calling endpwent(), but this fact is not mentioned. (find is affected by this, > for example.)
That last claim isn't true: the fds are marked close-on-exec so there's no leakage. Philip