- Mark opened files as cloexec to prevent their leaking through fork
- Resolves: #462090
This commit is contained in:
parent
eb9bbd322e
commit
1de32610ae
60
make-3.81-fdleak.patch
Normal file
60
make-3.81-fdleak.patch
Normal file
@ -0,0 +1,60 @@
|
||||
diff -urp make-3.81/read.c make-3.81-leak/read.c
|
||||
--- make-3.81/read.c 2006-03-17 15:24:20.000000000 +0100
|
||||
+++ make-3.81-leak/read.c 2008-09-16 16:43:12.000000000 +0200
|
||||
@@ -296,6 +300,37 @@ restore_conditionals (struct conditional
|
||||
conditionals = saved;
|
||||
}
|
||||
|
||||
+/* If possible, open the file and mark it close-on-exec, so that make
|
||||
+ doesn't leak the descriptor to binaries called via $(shell ...).*/
|
||||
+static FILE *
|
||||
+open_makefile (char *filename)
|
||||
+{
|
||||
+ FILE *fp;
|
||||
+
|
||||
+#if HAVE_FDOPEN
|
||||
+ int fd = open (filename, O_RDONLY);
|
||||
+ int save;
|
||||
+ if (fd < 0)
|
||||
+ return NULL;
|
||||
+
|
||||
+ fp = fdopen (fd, "r");
|
||||
+ if (fp == NULL)
|
||||
+ {
|
||||
+ save = errno;
|
||||
+ close (fd);
|
||||
+ errno = save;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ CLOSE_ON_EXEC (fd);
|
||||
+
|
||||
+#else
|
||||
+ fp = fopen (filename, "r");
|
||||
+#endif
|
||||
+
|
||||
+ return fp;
|
||||
+}
|
||||
+
|
||||
static int
|
||||
eval_makefile (char *filename, int flags)
|
||||
{
|
||||
@@ -335,7 +376,8 @@ eval_makefile (char *filename, int flags
|
||||
filename = expanded;
|
||||
}
|
||||
|
||||
- ebuf.fp = fopen (filename, "r");
|
||||
+ ebuf.fp = open_makefile (filename);
|
||||
+
|
||||
/* Save the error code so we print the right message later. */
|
||||
makefile_errno = errno;
|
||||
|
||||
@@ -348,7 +390,7 @@ eval_makefile (char *filename, int flags
|
||||
for (i = 0; include_directories[i] != 0; ++i)
|
||||
{
|
||||
included = concat (include_directories[i], "/", filename);
|
||||
- ebuf.fp = fopen (included, "r");
|
||||
+ ebuf.fp = open_makefile (included);
|
||||
if (ebuf.fp)
|
||||
{
|
||||
filename = included;
|
@ -3,7 +3,7 @@ Summary: A GNU tool which simplifies the build process for users
|
||||
Name: make
|
||||
Epoch: 1
|
||||
Version: 3.81
|
||||
Release: 12%{?dist}
|
||||
Release: 13%{?dist}
|
||||
License: GPLv2+
|
||||
Group: Development/Tools
|
||||
URL: http://www.gnu.org/software/make/
|
||||
@ -16,6 +16,7 @@ Patch7: make-3.81-memory.patch
|
||||
Patch8: make-3.81-rlimit.patch
|
||||
Patch9: make-3.81-newlines.patch
|
||||
Patch10: make-3.81-jobserver.patch
|
||||
Patch11: make-3.81-fdleak.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||||
Requires(post): /sbin/install-info
|
||||
Requires(preun): /sbin/install-info
|
||||
@ -38,6 +39,7 @@ makefile.
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
%patch10 -p1
|
||||
%patch11 -p1
|
||||
|
||||
%build
|
||||
%configure
|
||||
@ -76,6 +78,10 @@ fi
|
||||
%{_infodir}/*.info*
|
||||
|
||||
%changelog
|
||||
* Tue Sep 16 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-13
|
||||
- Mark opened files as cloexec to prevent their leaking through fork
|
||||
- Resolves: #462090
|
||||
|
||||
* Tue Mar 25 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-12
|
||||
- Fix the rlimit patch. The success flag is kept in memory shared
|
||||
with parent process after vfork, and so cannot be reset.
|
||||
|
Loading…
Reference in New Issue
Block a user