libc: Use O_CLOEXEC for various internal file descriptors.

This fixes a race condition where another thread may fork() before CLOEXEC
is set, unintentionally passing the descriptor to the child process.

This commit only adds O_CLOEXEC flags to open() or openat() calls where no
fcntl(fd, F_SETFD, FD_CLOEXEC) follows. The separate fcntl() call still
leaves a race window so it should be fixed later.

2 files changed, 2 insertions, 2 deletions

diff --git a/lib/libc/stdlib/rand.c b/lib/libc/stdlib/rand.c
index 077c1ba..3835976 100644
--- a/lib/libc/stdlib/rand.c
+++ b/lib/libc/stdlib/rand.c
@@ -121,7 +121,7 @@ sranddev()
 	int fd, done;
 
 	done = 0;
-	fd = _open("/dev/random", O_RDONLY, 0);
+	fd = _open("/dev/random", O_RDONLY | O_CLOEXEC, 0);
 	if (fd >= 0) {
 		if (_read(fd, (void *) &next, sizeof(next)) == sizeof(next))
 			done = 1;
diff --git a/lib/libc/stdlib/random.c b/lib/libc/stdlib/random.c
index 6da5419..4a1af54 100644
--- a/lib/libc/stdlib/random.c
+++ b/lib/libc/stdlib/random.c
@@ -303,7 +303,7 @@ srandomdev(void)
 		len = rand_deg * sizeof state[0];
 
 	done = 0;
-	fd = _open("/dev/random", O_RDONLY, 0);
+	fd = _open("/dev/random", O_RDONLY | O_CLOEXEC, 0);
 	if (fd >= 0) {
 		if (_read(fd, (void *) state, len) == (ssize_t) len)
 			done = 1;