isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Set close on exec flag for descriptors used for I/O logging so they

Browse Source 
are not present in the command being run.
This commit is contained in:
Todd C. Miller
2010-05-21 14:51:50 -04:00
parent d3d8364d4e
commit f59669fc20
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugins/sudoers/iolog.c
View File

@@ -209,6 +209,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
if (fd == -1) if (fd == -1)
log_error(USE_ERRNO, "Can't create %s", pathbuf); log_error(USE_ERRNO, "Can't create %s", pathbuf);
fcntl(fd, F_SETFD, FD_CLOEXEC);
io_logfile = fdopen(fd, "w"); io_logfile = fdopen(fd, "w");
if (io_logfile == NULL) if (io_logfile == NULL)
log_error(USE_ERRNO, "fdopen"); log_error(USE_ERRNO, "fdopen");
@@ -217,6 +218,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
if (fd == -1) if (fd == -1)
log_error(USE_ERRNO, "Can't create %s", pathbuf); log_error(USE_ERRNO, "Can't create %s", pathbuf);
fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
if (def_compress_transcript) if (def_compress_transcript)
io_outfile.g = gzdopen(fd, "w"); io_outfile.g = gzdopen(fd, "w");
@@ -231,6 +233,7 @@ sudoers_io_open(unsigned int version, sudo_conv_t conversation,
fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR); fd = open(pathbuf, O_CREAT|O_EXCL|O_WRONLY, S_IRUSR|S_IWUSR);
if (fd == -1) if (fd == -1)
log_error(USE_ERRNO, "Can't create %s", pathbuf); log_error(USE_ERRNO, "Can't create %s", pathbuf);
fcntl(fd, F_SETFD, FD_CLOEXEC);
#ifdef HAVE_ZLIB #ifdef HAVE_ZLIB
if (def_compress_transcript) if (def_compress_transcript)
io_timfile.g = gzdopen(fd, "w"); io_timfile.g = gzdopen(fd, "w");