From ee9aa86ad6d3cd49ed725b12f967e97461f8b6de Mon Sep 17 00:00:00 2001 From: ghelmer Date: Mon, 20 Feb 2012 13:59:24 +0000 Subject: Set the O_CLOEXEC flag when opening the pidfile to avoid leaking the file descriptor via exec(3). Now that daemon(8) has been fixed to resolve the issue noted by trociny, the consensus is that this change should be OK. --- lib/libutil/pidfile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/libutil/pidfile.c') diff --git a/lib/libutil/pidfile.c b/lib/libutil/pidfile.c index 55e3e0f..bca0315 100644 --- a/lib/libutil/pidfile.c +++ b/lib/libutil/pidfile.c @@ -124,7 +124,7 @@ pidfile_open(const char *path, mode_t mode, pid_t *pidptr) * pidfile_write() can be called multiple times. */ fd = flopen(pfh->pf_path, - O_WRONLY | O_CREAT | O_TRUNC | O_NONBLOCK, mode); + O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_NONBLOCK, mode); if (fd == -1) { if (errno == EWOULDBLOCK && pidptr != NULL) { count = 20; -- cgit v1.1