diff options
author | Stef Walter <stef@thewalter.net> | 2013-07-16 22:43:37 +0200 |
---|---|---|
committer | Stef Walter <stef@thewalter.net> | 2013-07-18 07:33:57 +0200 |
commit | ab1caffd9e09fd4d6ab92713de29436db0da6dea (patch) | |
tree | 0098dbb6ac26ba5d3e882155f368bc9c3010b230 /p11-kit/pin.c | |
parent | 9886b39e2ebd2f711b5b0c3ca2e24694a9ffd361 (diff) |
open files with O_CLOEXEC when possible
This helps prevent leaked file descriptors when the library is
used in a process which exec's.
opendir() already uses O_CLOEXEC on platforms that support O_CLOEXEC
so we don't need to make changes there.
In addition read config files using p11_mmap_open() so that we get
the simple benefits of O_CLOEXEC with the open() call there.
https://bugzilla.redhat.com/show_bug.cgi?id=984986
Diffstat (limited to 'p11-kit/pin.c')
-rw-r--r-- | p11-kit/pin.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/p11-kit/pin.c b/p11-kit/pin.c index b64b737..60571de 100644 --- a/p11-kit/pin.c +++ b/p11-kit/pin.c @@ -466,7 +466,7 @@ p11_kit_pin_file_callback (const char *pin_source, if (pin_flags & P11_KIT_PIN_FLAGS_RETRY) return NULL; - fd = open (pin_source, O_BINARY | O_RDONLY); + fd = open (pin_source, O_BINARY | O_RDONLY | O_CLOEXEC); if (fd == -1) return NULL; |