diff options
| author | Guy Helmer <ghelmer@FreeBSD.org> | 2012-01-10 18:43:27 +0000 |
|---|---|---|
| committer | Guy Helmer <ghelmer@FreeBSD.org> | 2012-01-10 18:43:27 +0000 |
| commit | 0dc6d4d19ca8657c7f6d7ee5b43f05ec1e018b84 (patch) | |
| tree | ea55e76101d5ad51f74c363951121b3f9bdffbdd /lib/libutil | |
| parent | 5dda2db9c8dfe4a948f486baeec7166462fde3e2 (diff) | |
| download | src-0dc6d4d19ca8657c7f6d7ee5b43f05ec1e018b84.tar.gz src-0dc6d4d19ca8657c7f6d7ee5b43f05ec1e018b84.zip | |
Set the FD_CLOEXEC flag on the open pidfile file descriptor.
Discussed with: pjd, des
Notes
Notes:
svn path=/head/; revision=229936
Diffstat (limited to 'lib/libutil')
| -rw-r--r-- | lib/libutil/pidfile.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/libutil/pidfile.c b/lib/libutil/pidfile.c index 953d1e0438e6..fcd504c18e99 100644 --- a/lib/libutil/pidfile.c +++ b/lib/libutil/pidfile.c @@ -137,6 +137,20 @@ pidfile_open(const char *path, mode_t mode, pid_t *pidptr) free(pfh); return (NULL); } + + /* + * Prevent the file descriptor from escaping to other + * programs via exec(3). + */ + if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) { + error = errno; + unlink(pfh->pf_path); + close(fd); + free(pfh); + errno = error; + return (NULL); + } + /* * Remember file information, so in pidfile_write() we are sure we write * to the proper descriptor. |