From 086bbc5b623d08df9ffe595bd5ee965e668a4ae1 Mon Sep 17 00:00:00 2001
From: Dan McGee
Date: Thu, 2 Jan 2014 12:37:12 -0600
Subject: Use O_CLOEXEC as much as possible when opening files
When calling open(), use O_CLOEXEC as much as possible to ensure the file descriptor is closed when and if a process using libalpm forks. For most of these cases, and especially in utility functions, the file descriptor is opened and closed in the same function, so we don't have too much to worry about. However, for things like the log file and database lock file, we should ensure descriptors aren't left hanging around for children to touch. This patch is inspired by the problem in FS#36161, where an open file descriptor to the current working directory prevents chroot() from working on FreeBSD. We don't need this file descriptor in the child process, so open it (and now several others) with O_CLOEXEC.
Signed-off-by: Dan McGee
Signed-off-by: Allan McRae
---
 lib/libalpm/log.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
(limited to 'lib/libalpm/log.c')
diff --git a/lib/libalpm/log.c b/lib/libalpm/log.c
index 2cdf7403..c4a9d84c 100644
--- a/lib/libalpm/log.c
+++ b/lib/libalpm/log.c
@@ -49,9 +49,16 @@ int SYMEXPORT alpm_logaction(alpm_handle_t *handle, const char *prefix,
 /* check if the logstream is open already, opening it if needed */
 if(handle->logstream == NULL) {
- handle->logstream = fopen(handle->logfile, "a");
+ int fd;
+ do {
+ fd = open(handle->logfile, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC,
+ 0000);
+ } while(fd == -1 && errno == EINTR);
+ if(fd >= 0) {
+ handle->logstream = fdopen(fd, "a");
+ }
 /* if we couldn't open it, we have an issue */
- if(handle->logstream == NULL) {
+ if(fd < 0 || handle->logstream == NULL) {
 if(errno == EACCES) {
 handle->pm_errno = ALPM_ERR_BADPERMS;
 } else if(errno == ENOENT) {
--
cgit v1.2.3-24-g4f1b
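Review bot: The new `open()` call passes mode `0000` alongside `O_CREAT`, so a log file that does not exist yet is created with no permission bits, whereas the `fopen(handle->logfile, "a")` it replaces created it with 0666 masked by the umask. Unprivileged users can then no longer read the log, and a non-root caller would presumably fail with EACCES the next time it opens the file it just created; changing the continuation line to `0644);` keeps the log readable without making it writable by others. Separately, when `fdopen(fd, "a")` returns NULL the descriptor is never closed, so the `if(fd >= 0)` branch should release it, e.g. `if(handle->logstream == NULL) { int e = errno; close(fd); errno = e; }`, saving errno because the following lines still test it. The body of alpm_logaction starts and continues outside this hunk, so the return path after the errno checks is not visible here.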