- Mark opened files as cloexec to prevent their leaking through fork

- Resolves: #462090
This commit is contained in:
Petr Machata 2008-09-22 08:42:20 +00:00
parent eb9bbd322e
commit 1de32610ae
2 changed files with 67 additions and 1 deletions

60
make-3.81-fdleak.patch Normal file
View File

@ -0,0 +1,60 @@
diff -urp make-3.81/read.c make-3.81-leak/read.c
--- make-3.81/read.c 2006-03-17 15:24:20.000000000 +0100
+++ make-3.81-leak/read.c 2008-09-16 16:43:12.000000000 +0200
@@ -296,6 +300,37 @@ restore_conditionals (struct conditional
conditionals = saved;
}
+/* If possible, open the file and mark it close-on-exec, so that make
+ doesn't leak the descriptor to binaries called via $(shell ...).*/
+static FILE *
+open_makefile (char *filename)
+{
+ FILE *fp;
+
+#if HAVE_FDOPEN
+ int fd = open (filename, O_RDONLY);
+ int save;
+ if (fd < 0)
+ return NULL;
+
+ fp = fdopen (fd, "r");
+ if (fp == NULL)
+ {
+ save = errno;
+ close (fd);
+ errno = save;
+ return NULL;
+ }
+
+ CLOSE_ON_EXEC (fd);
+
+#else
+ fp = fopen (filename, "r");
+#endif
+
+ return fp;
+}
+
static int
eval_makefile (char *filename, int flags)
{
@@ -335,7 +376,8 @@ eval_makefile (char *filename, int flags
filename = expanded;
}
- ebuf.fp = fopen (filename, "r");
+ ebuf.fp = open_makefile (filename);
+
/* Save the error code so we print the right message later. */
makefile_errno = errno;
@@ -348,7 +390,7 @@ eval_makefile (char *filename, int flags
for (i = 0; include_directories[i] != 0; ++i)
{
included = concat (include_directories[i], "/", filename);
- ebuf.fp = fopen (included, "r");
+ ebuf.fp = open_makefile (included);
if (ebuf.fp)
{
filename = included;

View File

@ -3,7 +3,7 @@ Summary: A GNU tool which simplifies the build process for users
Name: make
Epoch: 1
Version: 3.81
Release: 12%{?dist}
Release: 13%{?dist}
License: GPLv2+
Group: Development/Tools
URL: http://www.gnu.org/software/make/
@ -16,6 +16,7 @@ Patch7: make-3.81-memory.patch
Patch8: make-3.81-rlimit.patch
Patch9: make-3.81-newlines.patch
Patch10: make-3.81-jobserver.patch
Patch11: make-3.81-fdleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info
@ -38,6 +39,7 @@ makefile.
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build
%configure
@ -76,6 +78,10 @@ fi
%{_infodir}/*.info*
%changelog
* Tue Sep 16 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-13
- Mark opened files as cloexec to prevent their leaking through fork
- Resolves: #462090
* Tue Mar 25 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-12
- Fix the rlimit patch. The success flag is kept in memory shared
with parent process after vfork, and so cannot be reset.