Philip Guenther wrote: > On Mon, Oct 26, 2015 at 9:05 AM, Ted Unangst <[email protected]> wrote: > > Philip Guenther wrote: > >> On Mon, Oct 26, 2015 at 6:47 AM, Ted Unangst <[email protected]> wrote: > >> > Old bug in pwcache functions. Calling setpassent(1) to keep the passwd > >> > database open is a surprising abstraction violation for the caller of > >> > user_from_uid. Now it has a file descriptor it must close before exec by > >> > calling endpwent(), but this fact is not mentioned. (find is affected by > >> > this, > >> > for example.) > >> > >> That last claim isn't true: the fds are marked close-on-exec so > >> there's no leakage. > > > > That's what I get for believing the lies of the setpassent() man page. > > Ah, I missed fixing that before. How's this?
Yes.
