From owner-svn-src-all@FreeBSD.ORG Sun Nov 4 21:42:24 2012 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id CBB171E5; Sun, 4 Nov 2012 21:42:24 +0000 (UTC) (envelope-from jilles@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 96ACE8FC0C; Sun, 4 Nov 2012 21:42:24 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.5/8.14.5) with ESMTP id qA4LgOqK060594; Sun, 4 Nov 2012 21:42:24 GMT (envelope-from jilles@svn.freebsd.org) Received: (from jilles@localhost) by svn.freebsd.org (8.14.5/8.14.5/Submit) id qA4LgOFn060591; Sun, 4 Nov 2012 21:42:24 GMT (envelope-from jilles@svn.freebsd.org) Message-Id: <201211042142.qA4LgOFn060591@svn.freebsd.org> From: Jilles Tjoelker Date: Sun, 4 Nov 2012 21:42:24 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r242587 - head/libexec/rtld-elf X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Nov 2012 21:42:24 -0000 Author: jilles Date: Sun Nov 4 21:42:24 2012 New Revision: 242587 URL: http://svn.freebsd.org/changeset/base/242587 Log: rtld: Fix fd leak with parallel dlopen and fork/exec. Rtld did not set FD_CLOEXEC on its internal file descriptors; therefore, such a file descriptor may be passed to a process created by another thread running in parallel to dlopen() or fdlopen(). No other threads are expected to be running during parsing of the hints and libmap files but the file descriptors need not be passed to child processes so add O_CLOEXEC there as well. This change will break fdlopen() (as used by OpenPAM) on kernels without F_DUPFD_CLOEXEC (added in July). Note that running new userland on old kernels is not supported. Reviewed by: kib Modified: head/libexec/rtld-elf/libmap.c head/libexec/rtld-elf/rtld.c Modified: head/libexec/rtld-elf/libmap.c ============================================================================== --- head/libexec/rtld-elf/libmap.c Sun Nov 4 21:38:27 2012 (r242586) +++ head/libexec/rtld-elf/libmap.c Sun Nov 4 21:42:24 2012 (r242587) @@ -121,7 +121,7 @@ lmc_parse_file(char *path) } } - fd = open(rpath, O_RDONLY); + fd = open(rpath, O_RDONLY | O_CLOEXEC); if (fd == -1) { dbg("lm_parse_file: open(\"%s\") failed, %s", rpath, rtld_strerror(errno)); Modified: head/libexec/rtld-elf/rtld.c ============================================================================== --- head/libexec/rtld-elf/rtld.c Sun Nov 4 21:38:27 2012 (r242586) +++ head/libexec/rtld-elf/rtld.c Sun Nov 4 21:42:24 2012 (r242587) @@ -1598,7 +1598,7 @@ gethints(bool nostdlib) /* Keep from trying again in case the hints file is bad. */ hints = ""; - if ((fd = open(ld_elf_hints_path, O_RDONLY)) == -1) + if ((fd = open(ld_elf_hints_path, O_RDONLY | O_CLOEXEC)) == -1) return (NULL); if (read(fd, &hdr, sizeof hdr) != sizeof hdr || hdr.magic != ELFHINTS_MAGIC || @@ -2046,13 +2046,13 @@ load_object(const char *name, int fd_u, */ fd = -1; if (fd_u == -1) { - if ((fd = open(path, O_RDONLY)) == -1) { + if ((fd = open(path, O_RDONLY | O_CLOEXEC)) == -1) { _rtld_error("Cannot open \"%s\"", path); free(path); return (NULL); } } else { - fd = dup(fd_u); + fd = fcntl(fd_u, F_DUPFD_CLOEXEC, 0); if (fd == -1) { _rtld_error("Cannot dup fd"); free(path);