Philip Guenther wrote: > On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst <t...@tedunangst.com> wrote: > > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd > > database open is a surprising abstraction violation for the caller of > > user_from_uid. Now it has a file descriptor it must close before exec by > > calling endpwent(), but this fact is not mentioned. (find is affected by > > this, > > for example.) > > That last claim isn't true: the fds are marked close-on-exec so > there's no leakage.
That's what I get for believing the lies of the setpassent() man page.
