Skip to content

Commit

Permalink
lib/: Set O_CLOEXEC for static FILE handles
Browse files Browse the repository at this point in the history 
With glibc we can use "e" in mode argument to set O_CLOEXEC on
opened files. The /etc/shadow and /etc/gshadow file handles should
be protected to make sure that they are never passed to child
processes by accident.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
  • Loading branch information
@stoeckmann @alejandro-colomar
stoeckmann authored and alejandro-colomar committed Jan 10, 2025
1 parent a772484 commit aebc4dd
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion lib/gshadow.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ void setsgent (void)
if (NULL != shadow) {
rewind (shadow);
} else {
shadow = fopen (SGROUP_FILE, "r");
shadow = fopen (SGROUP_FILE, "re");
}
}

Expand Down
2 changes: 1 addition & 1 deletion lib/shadow.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ void setspent (void)
if (NULL != shadow) {
rewind (shadow);
}else {
shadow = fopen (SHADOW_FILE, "r");
shadow = fopen (SHADOW_FILE, "re");
}
}

Expand Down

0 comments on commit aebc4dd

Please sign in to comment.