Date:      Sat, 29 Sep 2012 11:54:35 +0000 (UTC)
From:      Jilles Tjoelker <jilles@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r241046 - in head/lib/libc: gen locale nls stdlib yp
Message-ID:  <201209291154.q8TBsZPF019690@svn.freebsd.org>

Author: jilles
Date: Sat Sep 29 11:54:34 2012
New Revision: 241046
URL: http://svn.freebsd.org/changeset/base/241046

Log:
  libc: Use O_CLOEXEC for various internal file descriptors.
  
  This fixes a race condition where another thread may fork() before CLOEXEC
  is set, unintentionally passing the descriptor to the child process.
  
  This commit only adds O_CLOEXEC flags to open() or openat() calls where no
  fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still
  leaves a race window so it should be fixed later.

Modified:
  head/lib/libc/gen/arc4random.c
  head/lib/libc/gen/getcap.c
  head/lib/libc/gen/getcwd.c
  head/lib/libc/gen/nlist.c
  head/lib/libc/gen/opendir.c
  head/lib/libc/gen/pututxline.c
  head/lib/libc/gen/readpassphrase.c
  head/lib/libc/gen/sem_new.c
  head/lib/libc/gen/syslog.c
  head/lib/libc/locale/ldpart.c
  head/lib/libc/nls/msgcat.c
  head/lib/libc/stdlib/rand.c
  head/lib/libc/stdlib/random.c
  head/lib/libc/yp/yplib.c

Modified: head/lib/libc/gen/arc4random.c
==============================================================================
--- head/lib/libc/gen/arc4random.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/arc4random.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -153,7 +153,7 @@ arc4_stir(void)
 	if (arc4_sysctl((u_char *)&rdat, KEYSIZE) == KEYSIZE)
 		done = 1;
 	if (!done) {
-		fd = _open(RANDOMDEV, O_RDONLY, 0);
+		fd = _open(RANDOMDEV, O_RDONLY | O_CLOEXEC, 0);
 		if (fd >= 0) {
 			if (_read(fd, &rdat, KEYSIZE) == KEYSIZE)
 				done = 1;

Modified: head/lib/libc/gen/getcap.c
==============================================================================
--- head/lib/libc/gen/getcap.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/getcap.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -264,7 +264,7 @@ getent(char **cap, u_int *len, char **db
 				*cap = cbuf;
 				return (retval);
 			} else {
-				fd = _open(*db_p, O_RDONLY, 0);
+				fd = _open(*db_p, O_RDONLY | O_CLOEXEC, 0);
 				if (fd < 0)
 					continue;
 				myfd = 1;

Modified: head/lib/libc/gen/getcwd.c
==============================================================================
--- head/lib/libc/gen/getcwd.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/getcwd.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -142,7 +142,7 @@ getcwd(pt, size)
 
 		/* Open and stat parent directory. */
 		fd = _openat(dir != NULL ? _dirfd(dir) : AT_FDCWD,
-				"..", O_RDONLY);
+				"..", O_RDONLY | O_CLOEXEC);
 		if (fd == -1)
 			goto err;
 		if (dir)

Modified: head/lib/libc/gen/nlist.c
==============================================================================
--- head/lib/libc/gen/nlist.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/nlist.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -66,7 +66,7 @@ nlist(name, list)
 {
 	int fd, n;
 
-	fd = _open(name, O_RDONLY, 0);
+	fd = _open(name, O_RDONLY | O_CLOEXEC, 0);
 	if (fd < 0)
 		return (-1);
 	n = __fdnlist(fd, list);

Modified: head/lib/libc/gen/opendir.c
==============================================================================
--- head/lib/libc/gen/opendir.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/opendir.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -199,7 +199,8 @@ __opendir_common(int fd, const char *nam
 		 * which has also been read -- see fts.c.
 		 */
 		if (flags & DTF_REWIND) {
-			if ((fd2 = _open(name, O_RDONLY | O_DIRECTORY)) == -1) {
+			if ((fd2 = _open(name, O_RDONLY | O_DIRECTORY |
+			    O_CLOEXEC)) == -1) {
 				saved_errno = errno;
 				free(buf);
 				free(dirp);
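Review bot: The re-open in the `DTF_REWIND` branch performs a second lookup of `name` even though `__opendir_common` already receives `fd` for the directory. If the path is renamed or replaced between the two opens, `fd2` can refer to a different directory than the one whose entries were just read. Opening relative to the descriptor already held, `_openat(fd, ".", O_RDONLY | O_DIRECTORY | O_CLOEXEC)`, would avoid the second path resolution. The function starts and ends outside this hunk, so confirm that `fd` is still open at this point before changing it.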

Modified: head/lib/libc/gen/pututxline.c
==============================================================================
--- head/lib/libc/gen/pututxline.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/pututxline.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -47,7 +47,7 @@ futx_open(const char *file)
 	struct stat sb;
 	int fd;
 
-	fd = _open(file, O_CREAT|O_RDWR|O_EXLOCK, 0644);
+	fd = _open(file, O_CREAT|O_RDWR|O_EXLOCK|O_CLOEXEC, 0644);
 	if (fd < 0)
 		return (NULL);
 
@@ -235,7 +235,7 @@ utx_lastlogin_upgrade(void)
 	struct stat sb;
 	int fd;
 
-	fd = _open(_PATH_UTX_LASTLOGIN, O_RDWR, 0644);
+	fd = _open(_PATH_UTX_LASTLOGIN, O_RDWR|O_CLOEXEC, 0644);
 	if (fd < 0)
 		return;
 
@@ -269,7 +269,7 @@ utx_log_add(const struct futx *fu)
 	vec[1].iov_len = l;
 	l = htobe16(l);
 
-	fd = _open(_PATH_UTX_LOG, O_CREAT|O_WRONLY|O_APPEND, 0644);
+	fd = _open(_PATH_UTX_LOG, O_CREAT|O_WRONLY|O_APPEND|O_CLOEXEC, 0644);
 	if (fd < 0)
 		return (-1);
 	if (_writev(fd, vec, 2) == -1)
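Review bot: The check `_writev(fd, vec, 2) == -1` accepts a short write as success. Because the descriptor is opened with `O_APPEND`, a partially written record would stay in the log; the `htobe16(l)` above suggests the record is length-prefixed, in which case later records would be misframed for readers. Comparing against the full length would catch this, e.g. `if (_writev(fd, vec, 2) != (ssize_t)(vec[0].iov_len + vec[1].iov_len))`. The rest of `utx_log_add`, including how `fd` is closed on the error path, is outside the hunk.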

Modified: head/lib/libc/gen/readpassphrase.c
==============================================================================
--- head/lib/libc/gen/readpassphrase.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/readpassphrase.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -68,7 +68,7 @@ restart:
 	 * stdin and write to stderr unless a tty is required.
 	 */
 	if ((flags & RPP_STDIN) ||
-	    (input = output = _open(_PATH_TTY, O_RDWR)) == -1) {
+	    (input = output = _open(_PATH_TTY, O_RDWR | O_CLOEXEC)) == -1) {
 		if (flags & RPP_REQUIRE_TTY) {
 			errno = ENOTTY;
 			return(NULL);

Modified: head/lib/libc/gen/sem_new.c
==============================================================================
--- head/lib/libc/gen/sem_new.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/sem_new.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -198,7 +198,7 @@ _sem_open(const char *name, int flags, .
 		goto error;
 	}
 
-	fd = _open(path, flags|O_RDWR, mode);
+	fd = _open(path, flags|O_RDWR|O_CLOEXEC, mode);
 	if (fd == -1)
 		goto error;
 	if (flock(fd, LOCK_EX) == -1)

Modified: head/lib/libc/gen/syslog.c
==============================================================================
--- head/lib/libc/gen/syslog.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/gen/syslog.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -300,7 +300,8 @@ vsyslog(int pri, const char *fmt, va_lis
 	 * Make sure the error reported is the one from the syslogd failure.
 	 */
 	if (LogStat & LOG_CONS &&
-	    (fd = _open(_PATH_CONSOLE, O_WRONLY|O_NONBLOCK, 0)) >= 0) {
+	    (fd = _open(_PATH_CONSOLE, O_WRONLY|O_NONBLOCK|O_CLOEXEC, 0)) >=
+	    0) {
 		struct iovec iov[2];
 		struct iovec *v = iov;
 

Modified: head/lib/libc/locale/ldpart.c
==============================================================================
--- head/lib/libc/locale/ldpart.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/locale/ldpart.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -87,7 +87,7 @@ __part_load_locale(const char *name,
 	strcat(filename, name);
 	strcat(filename, "/");
 	strcat(filename, category_filename);
-	if ((fd = _open(filename, O_RDONLY)) < 0)
+	if ((fd = _open(filename, O_RDONLY | O_CLOEXEC)) < 0)
 		return (_LDP_ERROR);
 	if (_fstat(fd, &st) != 0)
 		goto bad_locale;

Modified: head/lib/libc/nls/msgcat.c
==============================================================================
--- head/lib/libc/nls/msgcat.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/nls/msgcat.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -384,7 +384,7 @@ load_msgcat(const char *path, const char
 	}
 	UNLOCK;
 
-	if ((fd = _open(path, O_RDONLY)) == -1) {
+	if ((fd = _open(path, O_RDONLY | O_CLOEXEC)) == -1) {
 		SAVEFAIL(name, lang, errno);
 		NLRETERR(errno);
 	}

Modified: head/lib/libc/stdlib/rand.c
==============================================================================
--- head/lib/libc/stdlib/rand.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/stdlib/rand.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -121,7 +121,7 @@ sranddev()
 	int fd, done;
 
 	done = 0;
-	fd = _open("/dev/random", O_RDONLY, 0);
+	fd = _open("/dev/random", O_RDONLY | O_CLOEXEC, 0);
 	if (fd >= 0) {
 		if (_read(fd, (void *) &next, sizeof(next)) == sizeof(next))
 			done = 1;

Modified: head/lib/libc/stdlib/random.c
==============================================================================
--- head/lib/libc/stdlib/random.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/stdlib/random.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -303,7 +303,7 @@ srandomdev(void)
 		len = rand_deg * sizeof state[0];
 
 	done = 0;
-	fd = _open("/dev/random", O_RDONLY, 0);
+	fd = _open("/dev/random", O_RDONLY | O_CLOEXEC, 0);
 	if (fd >= 0) {
 		if (_read(fd, (void *) state, len) == (ssize_t) len)
 			done = 1;

Modified: head/lib/libc/yp/yplib.c
==============================================================================
--- head/lib/libc/yp/yplib.c	Sat Sep 29 10:49:02 2012	(r241045)
+++ head/lib/libc/yp/yplib.c	Sat Sep 29 11:54:34 2012	(r241046)
@@ -375,7 +375,7 @@ again:
 			ysd->dom_socket = -1;
 		}
 		snprintf(path, sizeof(path), "%s/%s.%d", BINDINGDIR, dom, 2);
-		if ((fd = _open(path, O_RDONLY)) == -1) {
+		if ((fd = _open(path, O_RDONLY | O_CLOEXEC)) == -1) {
 			/* no binding file, YP is dead. */
 			/* Try to bring it back to life. */
 			_close(fd);
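Review bot: In the branch taken when `_open()` returns -1, the context line `_close(fd);` is called with `fd == -1`. That call can only fail with `EBADF`, and it overwrites the `errno` left by the failed open. It should be dropped from this branch, since no descriptor exists to release there. The branch continues past the end of the hunk, so check that nothing later in it reads `errno` from the failed open.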


