aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJacques Vidrine <nectar@FreeBSD.org>2002-09-13 15:09:07 +0000
committerJacques Vidrine <nectar@FreeBSD.org>2002-09-13 15:09:07 +0000
commitb3fe4d7484f7b6614de8a6a2245cd563727e0df4 (patch)
tree54fa36cf2c58f49aa983e65bee4059bfbde22af3
parent9bdb0eedcc20e0b568125542a99be8b84de2d2bb (diff)
downloadsrc-b3fe4d7484f7b6614de8a6a2245cd563727e0df4.tar.gz
src-b3fe4d7484f7b6614de8a6a2245cd563727e0df4.zip
MFC src/lib/libkvm/kvm.c 1.23: mark file descriptors close-on-exec.
Notes
Notes: svn path=/releng/4.4/; revision=103292
-rw-r--r--UPDATING5
-rw-r--r--lib/libkvm/kvm.c12
2 files changed, 17 insertions, 0 deletions
diff --git a/UPDATING b/UPDATING
index 6eb37f7efb73..b1c1ba050a04 100644
--- a/UPDATING
+++ b/UPDATING
@@ -17,6 +17,11 @@ minimal number of processes, if possible, for that patch. For those
updates that don't have an advisory, or to be safe, you can do a full
build and install as described in the COMMON ITEMS section.
+20020911: p27
+ The kvm_openfiles/kvm_open functions now mark the returned file
+ descriptors close-on-exec in case set-user-ID/set-group-ID
+ applications are careless.
+
20020813: p26 FreeBSD-SA-02:38.signed-error
Bounds checking errors in accept(), getsockname(),
getpeername(), and a VESA ioctl() command were corrected.
diff --git a/lib/libkvm/kvm.c b/lib/libkvm/kvm.c
index d4a7645857e9..e7bde960d3ea 100644
--- a/lib/libkvm/kvm.c
+++ b/lib/libkvm/kvm.c
@@ -206,6 +206,10 @@ _kvm_open(kd, uf, mf, flag, errout)
_kvm_syserr(kd, kd->program, "%s", mf);
goto failed;
}
+ if (fcntl(kd->pmfd, F_SETFD, FD_CLOEXEC) < 0) {
+ _kvm_syserr(kd, kd->program, "%s", mf);
+ goto failed;
+ }
if (S_ISCHR(st.st_mode)) {
/*
* If this is a character special device, then check that
@@ -224,6 +228,10 @@ _kvm_open(kd, uf, mf, flag, errout)
_kvm_syserr(kd, kd->program, "%s", _PATH_KMEM);
goto failed;
}
+ if (fcntl(kd->vmfd, F_SETFD, FD_CLOEXEC) < 0) {
+ _kvm_syserr(kd, kd->program, "%s", _PATH_KMEM);
+ goto failed;
+ }
}
} else {
/*
@@ -235,6 +243,10 @@ _kvm_open(kd, uf, mf, flag, errout)
_kvm_syserr(kd, kd->program, "%s", uf);
goto failed;
}
+ if (fcntl(kd->nlfd, F_SETFD, FD_CLOEXEC) < 0) {
+ _kvm_syserr(kd, kd->program, "%s", uf);
+ goto failed;
+ }
if (_kvm_initvtop(kd) < 0)
goto failed;
}