Date: Tue, 10 Jan 2012 18:43:27 +0000 (UTC) From: Guy Helmer <ghelmer@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r229936 - head/lib/libutil Message-ID: <201201101843.q0AIhRuM022949@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: ghelmer Date: Tue Jan 10 18:43:27 2012 New Revision: 229936 URL: http://svn.freebsd.org/changeset/base/229936 Log: Set the FD_CLOEXEC flag on the open pidfile file descriptor. Discussed with: pjd, des Modified: head/lib/libutil/pidfile.c Modified: head/lib/libutil/pidfile.c ============================================================================== --- head/lib/libutil/pidfile.c Tue Jan 10 18:20:19 2012 (r229935) +++ head/lib/libutil/pidfile.c Tue Jan 10 18:43:27 2012 (r229936) @@ -137,6 +137,20 @@ pidfile_open(const char *path, mode_t mo free(pfh); return (NULL); } + + /* + * Prevent the file descriptor from escaping to other + * programs via exec(3). + */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { + error = errno; + unlink(pfh->pf_path); + close(fd); + free(pfh); + errno = error; + return (NULL); + } + /* * Remember file information, so in pidfile_write() we are sure we write * to the proper descriptor.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201201101843.q0AIhRuM022949>