From fde4439701c797a5192e66202173fd331ec280f7 Mon Sep 17 00:00:00 2001 From: Guy Helmer Date: Mon, 20 Feb 2012 13:59:24 +0000 Subject: Set the O_CLOEXEC flag when opening the pidfile to avoid leaking the file descriptor via exec(3). Now that daemon(8) has been fixed to resolve the issue noted by trociny, the consensus is that this change should be OK. --- lib/libutil/pidfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libutil/pidfile.c b/lib/libutil/pidfile.c index 55e3e0fa18301..bca0315b219c0 100644 --- a/lib/libutil/pidfile.c +++ b/lib/libutil/pidfile.c @@ -124,7 +124,7 @@ pidfile_open(const char *path, mode_t mode, pid_t *pidptr) * pidfile_write() can be called multiple times. */ fd = flopen(pfh->pf_path, - O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK, mode); + O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NONBLOCK, mode); if (fd == -1) { if (errno == EWOULDBLOCK && pidptr != NULL) { count = 20; -- cgit v1.2.3