From eb807027af9e126a212b0630c5873dddae48963b Mon Sep 17 00:00:00 2001
From: Rainer Gerhards <rgerhards@adiscon.com>
Date: Thu, 2 Apr 2009 15:12:57 +0200
Subject: added O_CLOEXEC to open() calls

to make sure only the minimum number of file handles is left open
during a exec call. This is not a 100% solution, as there are also
some fopen() calls and, more importantly, file descriptors opened
by libraries. But it is better than nothing (and it was quick, at
least until we run into platform hell, what we will for sure ;)).
---
 plugins/imklog/linux.c |  2 +-
 runtime/debug.c        |  2 +-
 tools/omfile.c         | 12 ++++++------
 tools/pidfile.c        |  2 +-
 tools/syslogd.c        |  2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/plugins/imklog/linux.c b/plugins/imklog/linux.c
index 198b7c0e..0dd4320d 100644
--- a/plugins/imklog/linux.c
+++ b/plugins/imklog/linux.c
@@ -144,7 +144,7 @@ static enum LOGSRC GetKernelLogSrc(void)
 		return(kernel);
 	}
 
-	if ( (kmsg = open(_PATH_KLOG, O_RDONLY)) < 0 )
+	if ( (kmsg = open(_PATH_KLOG, O_RDONLY|O_CLOEXEC)) < 0 )
 	{
 		imklogLogIntMsg(LOG_ERR, "imklog: Cannot open proc file system, %d.\n", errno);
 		ksyslog(7, NULL, 0); /* TODO: check this, implement more */
diff --git a/runtime/debug.c b/runtime/debug.c
index 96004e47..4ee90226 100644
--- a/runtime/debug.c
+++ b/runtime/debug.c
@@ -1343,7 +1343,7 @@ rsRetVal dbgClassInit(void)
 
 	if(pszAltDbgFileName != NULL) {
 		/* we have a secondary file, so let's open it) */
-		if((altdbg = open(pszAltDbgFileName, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, S_IRUSR|S_IWUSR)) == -1) {
+		if((altdbg = open(pszAltDbgFileName, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, S_IRUSR|S_IWUSR)) == -1) {
 			fprintf(stderr, "alternate debug file could not be opened, ignoring. Error: %s\n", strerror(errno));
 		}
 	}
diff --git a/tools/omfile.c b/tools/omfile.c
index 5141b4da..36f160d1 100644
--- a/tools/omfile.c
+++ b/tools/omfile.c
@@ -301,7 +301,7 @@ int resolveFileSizeLimit(instanceData *pData)
 
 	free(pCmd);
 
-	pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY,
+	pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC,
 			pData->fCreateMode);
 
 	actualFileSize = lseek(pData->fd, 0, SEEK_END);
@@ -394,13 +394,13 @@ prepareFile(instanceData *pData, uchar *newFileName)
 {
 	DEFiRet;
 	if(pData->fileType == eTypePIPE) {
-		pData->fd = open((char*) pData->f_fname, O_RDWR|O_NONBLOCK);
+		pData->fd = open((char*) pData->f_fname, O_RDWR|O_NONBLOCK|O_CLOEXEC);
 		FINALIZE; /* we are done in this case */
 	}
 
 	if(access((char*)newFileName, F_OK) == 0) {
 		/* file already exists */
-		pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY,
+		pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC,
 				pData->fCreateMode);
 	} else {
 		pData->fd = -1;
@@ -419,7 +419,7 @@ prepareFile(instanceData *pData, uchar *newFileName)
 		/* no matter if we needed to create directories or not, we now try to create
 		 * the file. -- rgerhards, 2008-12-18 (based on patch from William Tisater)
 		 */
-		pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY,
+		pData->fd = open((char*) newFileName, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC,
 				pData->fCreateMode);
 		if(pData->fd != -1) {
 			/* check and set uid/gid */
@@ -653,7 +653,7 @@ again:
 			&& e == EBADF
 #endif
 			) {
-			pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_NOCTTY);
+			pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_NOCTTY|O_CLOEXEC);
 			if (pData->fd < 0) {
 				iRet = RS_RET_SUSPENDED;
 				errmsg.LogError(0, NO_ERRCODE, "%s", pData->f_fname);
@@ -742,7 +742,7 @@ CODESTARTparseSelectorAct
 			pData->bDynamicName = 0;
 			pData->fCreateMode = fCreateMode; /* preserve current setting */
 			pData->fDirCreateMode = fDirCreateMode; /* preserve current setting */
-			pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY,
+			pData->fd = open((char*) pData->f_fname, O_WRONLY|O_APPEND|O_CREAT|O_NOCTTY|O_CLOEXEC,
 					 pData->fCreateMode);
 		}
 		break;
diff --git a/tools/pidfile.c b/tools/pidfile.c
index 2be13da6..e7744513 100644
--- a/tools/pidfile.c
+++ b/tools/pidfile.c
@@ -97,7 +97,7 @@ int write_pid (char *pidfile)
   int fd;
   int pid;
 
-  if ( ((fd = open(pidfile, O_RDWR|O_CREAT, 0644)) == -1)
+  if ( ((fd = open(pidfile, O_RDWR|O_CREAT|O_CLOEXEC, 0644)) == -1)
        || ((f = fdopen(fd, "r+")) == NULL) ) {
       fprintf(stderr, "Can't open or create %s.\n", pidfile);
       return 0;
diff --git a/tools/syslogd.c b/tools/syslogd.c
index c72160fb..16f255ea 100644
--- a/tools/syslogd.c
+++ b/tools/syslogd.c
@@ -549,7 +549,7 @@ void untty(void)
 	int i;
 
 	if ( !Debug ) {
-		i = open(_PATH_TTY, O_RDWR);
+		i = open(_PATH_TTY, O_RDWR|O_CLOEXEC);
 		if (i >= 0) {
 #			if !defined(__hpux)
 				(void) ioctl(i, (int) TIOCNOTTY, (char *)0);
-- 
cgit v1.2.3