-rw-r--r-- | lib/libutil/pidfile.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/lib/libutil/pidfile.c b/lib/libutil/pidfile.c
index 953d1e0..fcd504c 100644
--- a/lib/libutil/pidfile.c
+++ b/lib/libutil/pidfile.c
@@ -137,6 +137,20 @@ pidfile_open(const char *path, mode_t mode, pid_t *pidptr)
 free(pfh);
 return (NULL);
 }
+
+ /*
+ * Prevent the file descriptor from escaping to other
+ * programs via exec(3).
+ */
+ if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+ error = errno;
+ unlink(pfh->pf_path);
+ close(fd);
+ free(pfh);
+ errno = error;
+ return (NULL);
+ }
+
+ /*
 * Remember file information, so in pidfile_write() we are sure we write
 * to the proper descriptor. |
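Review bot: The added `fcntl(fd, F_SETFD, FD_CLOEXEC)` sets close-on-exec only after the descriptor already exists, so in a multithreaded caller a fork/exec in another thread between the open and this call can still inherit the pidfile descriptor. Where the platform supports it, passing `O_CLOEXEC` in the flags of the open call (which precedes this hunk and is not visible here) would set the flag atomically and make this block and its error path unnecessary. If the fcntl form is kept, a short comment such as `/* Not atomic with the open: a concurrent fork+exec may still inherit fd. */` would document the remaining window. pidfile_open's body starts and ends outside the hunk.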