svn commit: r229936 - head/lib/libutil
Guy Helmer
ghelmer at FreeBSD.org
Tue Jan 10 18:43:27 UTC 2012
Author: ghelmer
Date: Tue Jan 10 18:43:27 2012
New Revision: 229936
URL: http://svn.freebsd.org/changeset/base/229936
Log:
Set the FD_CLOEXEC flag on the open pidfile file descriptor.
Discussed with: pjd, des
Modified:
head/lib/libutil/pidfile.c
Modified: head/lib/libutil/pidfile.c
==============================================================================
--- head/lib/libutil/pidfile.c Tue Jan 10 18:20:19 2012 (r229935)
+++ head/lib/libutil/pidfile.c Tue Jan 10 18:43:27 2012 (r229936)
@@ -137,6 +137,20 @@ pidfile_open(const char *path, mode_t mo
free(pfh);
return (NULL);
}
+
+ /*
+ * Prevent the file descriptor from escaping to other
+ * programs via exec(3).
+ */
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+ error = errno;
+ unlink(pfh->pf_path);
+ close(fd);
+ free(pfh);
+ errno = error;
+ return (NULL);
+ }
+
/*
* Remember file information, so in pidfile_write() we are sure we write
* to the proper descriptor.
More information about the svn-src-all
mailing list