diff options
| author | Sergey Bugaev <bugaevc@gmail.com> | 2023-04-19 19:02:03 +0300 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-04-22 13:50:14 +0200 |
| commit | 533deafbdf189f5fbb280c28562dd43ace2f4b0f (patch) | |
| tree | 292d1cf07d52199a9dd247c6bb06f5566c218855 /iconv | |
| parent | 28a441cc577e31e95742b9ec5f1737b86749b712 (diff) | |
| download | glibc-533deafbdf189f5fbb280c28562dd43ace2f4b0f.zip glibc-533deafbdf189f5fbb280c28562dd43ace2f4b0f.tar.gz glibc-533deafbdf189f5fbb280c28562dd43ace2f4b0f.tar.bz2 | |
Use O_CLOEXEC in more places (BZ #15722)
When opening a temporary file without O_CLOEXEC we risk leaking the
file descriptor if another thread calls (fork and then) exec while we
have the fd open. Fix this by consistently passing O_CLOEXEC everywhere
where we open a file for internal use (and not to return it to the user,
in which case the API defines whether or not the close-on-exec flag
shall be set on the returned fd).
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>
Message-Id: <20230419160207.65988-4-bugaevc@gmail.com>
Diffstat (limited to 'iconv')
| -rw-r--r-- | iconv/gconv_cache.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/iconv/gconv_cache.c b/iconv/gconv_cache.c index f2100ca..87136e2 100644 --- a/iconv/gconv_cache.c +++ b/iconv/gconv_cache.c @@ -58,7 +58,7 @@ __gconv_load_cache (void) return -1; /* See whether the cache file exists. */ - fd = __open_nocancel (GCONV_MODULES_CACHE, O_RDONLY, 0); + fd = __open_nocancel (GCONV_MODULES_CACHE, O_RDONLY | O_CLOEXEC, 0); if (__builtin_expect (fd, 0) == -1) /* Not available. */ return -1; |