diff options
| author | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
|---|---|---|
| committer | Ken Raeburn <raeburn@mit.edu> | 2007-10-22 19:18:53 +0000 |
| commit | 3d8fa6bb4012296a53fe04e486a9157a2963b644 (patch) | |
| tree | 7c0f5dcc658ebd75d758024a21097af95d616e05 /src/util | |
| parent | 70e8d7a6c50bbdb547150eba0abdef46d93d5b71 (diff) | |
| download | krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.gz krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.tar.xz krb5-3d8fa6bb4012296a53fe04e486a9157a2963b644.zip | |
Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).
Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe. In: util lib plugins kdc kadmin/server krb524.
The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.
This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them. So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written. (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)
Update dependencies.
ticket: 5561
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/util')
| -rw-r--r-- | src/util/profile/prof_file.c | 2 | ||||
| -rw-r--r-- | src/util/ss/list_rqs.c | 2 | ||||
| -rw-r--r-- | src/util/ss/pager.c | 3 | ||||
| -rw-r--r-- | src/util/support/threads.c | 6 |
4 files changed, 10 insertions, 3 deletions
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c index cb9bfbc5a..44d63a8ba 100644 --- a/src/util/profile/prof_file.c +++ b/src/util/profile/prof_file.c @@ -369,6 +369,7 @@ errcode_t profile_update_file_data(prf_data_t data) retval = ENOENT; return retval; } + set_cloexec_file(f); data->upd_serial++; data->flags &= PROFILE_FILE_SHARED; if (rw_access(data->filespec)) @@ -428,6 +429,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile, goto errout; } + set_cloexec_file(f); profile_write_tree_file(data->root, f); if (fclose(f) != 0) { retval = errno; diff --git a/src/util/ss/list_rqs.c b/src/util/ss/list_rqs.c index 045a0c82b..fd863bbf4 100644 --- a/src/util/ss/list_rqs.c +++ b/src/util/ss/list_rqs.c @@ -68,7 +68,7 @@ ss_list_requests(argc, argv, sci_idx, info_ptr) func = signal(SIGINT, SIG_IGN); #endif - fd = ss_pager_create(); + fd = ss_pager_create(); /* FD_CLOEXEC set */ output = fdopen(fd, "w"); #ifdef POSIX_SIGNALS diff --git a/src/util/ss/pager.c b/src/util/ss/pager.c index c8a52f079..49e8eb6ed 100644 --- a/src/util/ss/pager.c +++ b/src/util/ss/pager.c @@ -52,6 +52,7 @@ int ss_pager_create() * "write" side. */ (void) close(filedes[0]); + set_cloexec_fd(filedes[1]); return(filedes[1]); } } @@ -60,6 +61,8 @@ int ss_pager_create() { int fd; fd = open("/dev/tty", O_WRONLY, 0); + if (fd >= 0) + set_cloexec_fd(fd); return fd; } #endif diff --git a/src/util/support/threads.c b/src/util/support/threads.c index 968a99554..29613fd61 100644 --- a/src/util/support/threads.c +++ b/src/util/support/threads.c @@ -1,7 +1,7 @@ /* * util/support/threads.c * - * Copyright 2004,2005,2006 by the Massachusetts Institute of Technology. + * Copyright 2004,2005,2006,2007 by the Massachusetts Institute of Technology. * All Rights Reserved. * * Export of this software from the United States of America may @@ -424,7 +424,9 @@ int krb5int_thread_support_init (void) /* stats_logfile = stderr; */ stats_logfile = fopen("/dev/tty", "w+"); if (stats_logfile == NULL) - stats_logfile = stderr; + stats_logfile = stderr; + else + set_cloexec_file(stats_logfile); #endif #ifndef ENABLE_THREADS |