From 7bee4cecdd21911e498fafc6bdf1b98bcecff387 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Wed, 22 Feb 2023 00:29:31 +0100 Subject: [PATCH 1/3] grand: Use "e" mode flag in fopen () call for race-free setting of the close-on-exec flag It was missed when other fopen () call sites were converted since the code had it written as "fopen()" (without space before the opening parenthesis). --- glib/grand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/glib/grand.c b/glib/grand.c index 1c56d0195..5fb44576d 100644 --- a/glib/grand.c +++ b/glib/grand.c @@ -230,7 +230,7 @@ g_rand_new (void) do { - dev_urandom = fopen("/dev/urandom", "rb"); + dev_urandom = fopen ("/dev/urandom", "rbe"); } while G_UNLIKELY (dev_urandom == NULL && errno == EINTR); From cbc15d6ceb62b98bd00aa9ac2f35161cc614afca Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Wed, 22 Feb 2023 00:32:33 +0100 Subject: [PATCH 2/3] gunixmounts: Use "e" mode flag in setmntent () call for race-free setting of the close-on-exec flag setmntent () call uses the same mode flag set as fopen (), so it should also include the "e" mode flag for race-free setting of the close-on-exec flag. --- gio/gunixmounts.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/gio/gunixmounts.c b/gio/gunixmounts.c index 4a2f0a248..9e97ef1c9 100644 --- a/gio/gunixmounts.c +++ b/gio/gunixmounts.c @@ -585,7 +585,7 @@ _g_get_unix_mounts (void) read_file = get_mtab_read_file (); - file = setmntent (read_file, "r"); + file = setmntent (read_file, "re"); if (file == NULL) return NULL; @@ -727,7 +727,7 @@ _g_get_unix_mounts (void) read_file = get_mtab_read_file (); - file = setmntent (read_file, "r"); + file = setmntent (read_file, "re"); if (file == NULL) return NULL; @@ -1114,7 +1114,7 @@ _g_get_unix_mount_points (void) read_file = get_fstab_file (); - file = setmntent (read_file, "r"); + file = setmntent (read_file, "re"); if (file == NULL) return NULL; @@ -1203,7 +1203,7 @@ _g_get_unix_mount_points (void) read_file = get_fstab_file (); - file = setmntent (read_file, "r"); + file = setmntent (read_file, "re"); if (file == NULL) return NULL; @@ -1378,7 +1378,7 @@ _g_get_unix_mount_points (void) read_file = get_fstab_file (); - file = setmntent (read_file, "r"); + file = setmntent (read_file, "re"); if (file == NULL) return NULL; From 8f8ebb1bd0bec494a3037c3aa1c4922a241a89c9 Mon Sep 17 00:00:00 2001 From: "Maciej S. Szmigiero" Date: Wed, 22 Feb 2023 00:38:13 +0100 Subject: [PATCH 3/3] g_mkstemp: Use O_CLOEXEC for race-free setting of the close-on-exec flag mkstemp-like family of functions also use g_open () under the hood so they should pass the O_CLOEXEC flag there for race-free setting of the close-on-exec flag. --- gio/glocalfileoutputstream.c | 2 +- glib/gfileutils.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/gio/glocalfileoutputstream.c b/gio/glocalfileoutputstream.c index 74a642da8..6875811d0 100644 --- a/gio/glocalfileoutputstream.c +++ b/gio/glocalfileoutputstream.c @@ -1040,7 +1040,7 @@ handle_overwrite_open (const char *filename, tmp_filename = g_build_filename (dirname, ".goutputstream-XXXXXX", NULL); g_free (dirname); - tmpfd = g_mkstemp_full (tmp_filename, (readable ? O_RDWR : O_WRONLY) | O_BINARY, mode); + tmpfd = g_mkstemp_full (tmp_filename, (readable ? O_RDWR : O_WRONLY) | O_BINARY | O_CLOEXEC, mode); if (tmpfd == -1) { g_free (tmp_filename); diff --git a/glib/gfileutils.c b/glib/gfileutils.c index ef3fc90f2..4ed8171cc 100644 --- a/glib/gfileutils.c +++ b/glib/gfileutils.c @@ -1351,7 +1351,7 @@ g_file_set_contents_full (const gchar *filename, tmp_filename = g_strdup_printf ("%s.XXXXXX", filename); errno = 0; - fd = g_mkstemp_full (tmp_filename, O_RDWR | O_BINARY, mode); + fd = g_mkstemp_full (tmp_filename, O_RDWR | O_BINARY | O_CLOEXEC, mode); if (fd == -1) { @@ -1704,7 +1704,7 @@ g_mkstemp_full (gchar *tmpl, gint g_mkstemp (gchar *tmpl) { - return g_mkstemp_full (tmpl, O_RDWR | O_BINARY, 0600); + return g_mkstemp_full (tmpl, O_RDWR | O_BINARY | O_CLOEXEC, 0600); } static gint @@ -1826,7 +1826,7 @@ g_file_open_tmp (const gchar *tmpl, result = g_get_tmp_name (tmpl, &fulltemplate, wrap_g_open, - O_CREAT | O_EXCL | O_RDWR | O_BINARY, + O_CREAT | O_EXCL | O_RDWR | O_BINARY | O_CLOEXEC, 0600, error); if (result != -1)