]>
Commit | Line | Data |
---|---|---|
27a3ef98 AB |
1 | diff -Naur pppd.orig/eap.c pppd/eap.c |
2 | --- pppd.orig/eap.c 2023-03-25 05:38:30.000000000 +0100 | |
3 | +++ pppd/eap.c 2023-06-30 12:58:07.984676045 +0200 | |
4 | @@ -1542,7 +1542,7 @@ | |
172c1f72 MT |
5 | |
6 | if ((path = name_of_pn_file()) == NULL) | |
7 | return (-1); | |
8 | - fd = open(path, modebits, S_IRUSR | S_IWUSR); | |
9 | + fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC); | |
10 | err = errno; | |
11 | free(path); | |
12 | errno = err; | |
27a3ef98 AB |
13 | diff -Naur pppd.orig/main.c pppd/main.c |
14 | --- pppd.orig/main.c 2023-03-25 05:38:30.000000000 +0100 | |
15 | +++ pppd/main.c 2023-06-30 13:00:15.155195676 +0200 | |
16 | @@ -479,7 +479,7 @@ | |
172c1f72 MT |
17 | die(0); |
18 | ||
19 | /* Make sure fds 0, 1, 2 are open to somewhere. */ | |
27a3ef98 AB |
20 | - fd_devnull = open(PPP_DEVNULL, O_RDWR); |
21 | + fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC); | |
172c1f72 | 22 | if (fd_devnull < 0) |
27a3ef98 | 23 | fatal("Couldn't open %s: %m", PPP_DEVNULL); |
172c1f72 | 24 | while (fd_devnull <= 2) { |
27a3ef98 AB |
25 | diff -Naur pppd.orig/options.c pppd/options.c |
26 | --- pppd.orig/options.c 2023-06-30 12:42:19.262593140 +0200 | |
27 | +++ pppd/options.c 2023-06-30 13:01:58.388323345 +0200 | |
28 | @@ -1718,9 +1718,9 @@ | |
29 | ppp_option_error("unable to drop permissions to open %s: %m", *argv); | |
172c1f72 MT |
30 | return 0; |
31 | } | |
32 | - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); | |
33 | + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644); | |
34 | if (fd < 0 && errno == EEXIST) | |
35 | - fd = open(*argv, O_WRONLY | O_APPEND); | |
36 | + fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC); | |
37 | err = errno; | |
38 | if (!privileged_option && seteuid(euid) == -1) | |
39 | fatal("unable to regain privileges: %m"); | |
27a3ef98 AB |
40 | diff -Naur pppd.orig/sys-linux.c pppd/sys-linux.c |
41 | --- pppd.orig/sys-linux.c 2023-06-30 12:43:20.634453475 +0200 | |
42 | +++ pppd/sys-linux.c 2023-06-30 13:11:25.715511251 +0200 | |
43 | @@ -666,7 +666,7 @@ | |
172c1f72 MT |
44 | goto err; |
45 | } | |
46 | dbglog("using channel %d", chindex); | |
47 | - fd = open("/dev/ppp", O_RDWR); | |
48 | + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); | |
49 | if (fd < 0) { | |
50 | error("Couldn't reopen /dev/ppp: %m"); | |
51 | goto err; | |
27a3ef98 | 52 | @@ -904,7 +904,7 @@ |
172c1f72 MT |
53 | dbglog("in make_ppp_unit, already had /dev/ppp open?"); |
54 | close(ppp_dev_fd); | |
55 | } | |
56 | - ppp_dev_fd = open("/dev/ppp", O_RDWR); | |
57 | + ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); | |
58 | if (ppp_dev_fd < 0) | |
59 | fatal("Couldn't open /dev/ppp: %m"); | |
60 | flags = fcntl(ppp_dev_fd, F_GETFL); | |
27a3ef98 | 61 | @@ -1025,7 +1025,7 @@ |
172c1f72 MT |
62 | if (!new_style_driver) |
63 | return -1; | |
64 | ||
65 | - master_fd = open("/dev/ppp", O_RDWR); | |
66 | + master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); | |
67 | if (master_fd < 0) | |
68 | fatal("Couldn't open /dev/ppp: %m"); | |
69 | if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) { | |
27a3ef98 | 70 | @@ -2533,7 +2533,7 @@ |
172c1f72 MT |
71 | if (tune_kernel) { |
72 | forw_path = path_to_procfs("/sys/net/ipv4/ip_forward"); | |
73 | if (forw_path != 0) { | |
74 | - int fd = open(forw_path, O_WRONLY); | |
75 | + int fd = open(forw_path, O_WRONLY | O_CLOEXEC); | |
76 | if (fd >= 0) { | |
77 | if (write(fd, "1", 1) != 1) | |
78 | error("Couldn't enable IP forwarding: %m"); | |
27a3ef98 | 79 | @@ -2878,7 +2878,7 @@ |
172c1f72 MT |
80 | sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); |
81 | kernel_version = KVERSION(osmaj, osmin, ospatch); | |
82 | ||
83 | - fd = open("/dev/ppp", O_RDWR); | |
84 | + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC); | |
85 | if (fd >= 0) { | |
86 | new_style_driver = 1; | |
87 | ||
27a3ef98 | 88 | @@ -3056,7 +3056,7 @@ |
172c1f72 MT |
89 | #if __GLIBC__ >= 2 |
90 | updwtmp(_PATH_WTMP, &ut); | |
91 | #else | |
92 | - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY); | |
93 | + wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC); | |
94 | if (wtmp >= 0) { | |
95 | flock(wtmp, LOCK_EX); | |
96 | ||
27a3ef98 | 97 | @@ -3280,7 +3280,7 @@ |
172c1f72 MT |
98 | int fd; |
99 | ||
100 | path = path_to_procfs("/sys/net/ipv4/ip_dynaddr"); | |
101 | - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) { | |
102 | + if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) { | |
103 | if (write(fd, "1", 1) != 1) | |
104 | error("Couldn't enable dynamic IP addressing: %m"); | |
105 | close(fd); | |
27a3ef98 | 106 | @@ -3534,7 +3534,7 @@ |
172c1f72 MT |
107 | /* |
108 | * Try the unix98 way first. | |
109 | */ | |
110 | - mfd = open("/dev/ptmx", O_RDWR); | |
111 | + mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC); | |
112 | if (mfd >= 0) { | |
113 | int ptn; | |
114 | if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) { | |
27a3ef98 | 115 | @@ -3545,7 +3545,8 @@ |
172c1f72 MT |
116 | if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0) |
117 | warn("Couldn't unlock pty slave %s: %m", pty_name); | |
118 | #endif | |
119 | - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0) | |
8f60b4ff | 120 | + |
27a3ef98 AB |
121 | + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0) |
122 | { | |
172c1f72 | 123 | warn("Couldn't open pty slave %s: %m", pty_name); |
27a3ef98 AB |
124 | close(mfd); |
125 | @@ -3559,10 +3560,10 @@ | |
172c1f72 MT |
126 | for (i = 0; i < 64; ++i) { |
127 | slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x", | |
128 | 'p' + i / 16, i % 16); | |
129 | - mfd = open(pty_name, O_RDWR, 0); | |
130 | + mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0); | |
131 | if (mfd >= 0) { | |
132 | pty_name[5] = 't'; | |
133 | - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0); | |
134 | + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0); | |
135 | if (sfd >= 0) { | |
27a3ef98 AB |
136 | ret = fchown(sfd, uid, -1); |
137 | if (ret != 0) { | |
138 | diff -Naur pppd.orig/tdb.c pppd/tdb.c | |
139 | --- pppd.orig/tdb.c 2021-07-23 06:41:07.000000000 +0200 | |
140 | +++ pppd/tdb.c 2023-06-30 13:12:55.034900600 +0200 | |
141 | @@ -1728,7 +1728,7 @@ | |
172c1f72 MT |
142 | goto internal; |
143 | } | |
144 | ||
145 | - if ((tdb->fd = open(name, open_flags, mode)) == -1) { | |
146 | + if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) { | |
147 | TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", | |
148 | name, strerror(errno))); | |
149 | goto fail; /* errno set by open(2) */ | |
27a3ef98 | 150 | @@ -1971,7 +1971,7 @@ |
172c1f72 MT |
151 | } |
152 | if (close(tdb->fd) != 0) | |
153 | TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n")); | |
154 | - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0); | |
155 | + tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0); | |
156 | if (tdb->fd == -1) { | |
157 | TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno))); | |
158 | goto fail; | |
27a3ef98 AB |
159 | diff -Naur pppd.orig/tty.c pppd/tty.c |
160 | --- pppd.orig/tty.c 2023-03-25 05:38:30.000000000 +0100 | |
161 | +++ pppd/tty.c 2023-06-30 13:14:06.450418113 +0200 | |
162 | @@ -621,7 +621,7 @@ | |
163 | ppp_set_status(EXIT_OPEN_FAILED); | |
172c1f72 MT |
164 | goto errret; |
165 | } | |
166 | - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); | |
167 | + real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0); | |
168 | err = errno; | |
169 | if (prio < OPRIO_ROOT && seteuid(0) == -1) | |
170 | fatal("Unable to regain privileges"); | |
27a3ef98 | 171 | @@ -775,7 +775,7 @@ |
172c1f72 MT |
172 | if (connector == NULL && modem && devnam[0] != 0) { |
173 | int i; | |
174 | for (;;) { | |
175 | - if ((i = open(devnam, O_RDWR)) >= 0) | |
176 | + if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0) | |
177 | break; | |
178 | if (errno != EINTR) { | |
179 | error("Failed to reopen %s: %m", devnam); | |
27a3ef98 AB |
180 | diff -Naur pppd.orig/utils.c pppd/utils.c |
181 | --- pppd.orig/utils.c 2022-12-30 02:12:39.000000000 +0100 | |
182 | +++ pppd/utils.c 2023-06-30 13:15:47.860182369 +0200 | |
183 | @@ -843,14 +843,14 @@ | |
184 | slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); | |
172c1f72 MT |
185 | #endif |
186 | ||
187 | - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { | |
188 | + while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) { | |
189 | if (errno != EEXIST) { | |
190 | error("Can't create lock file %s: %m", lock_file); | |
191 | break; | |
192 | } | |
193 | ||
194 | /* Read the lock file to find out who has the device locked. */ | |
195 | - fd = open(lock_file, O_RDONLY, 0); | |
196 | + fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0); | |
197 | if (fd < 0) { | |
198 | if (errno == ENOENT) /* This is just a timing problem. */ | |
199 | continue; | |
27a3ef98 | 200 | @@ -933,7 +933,7 @@ |
172c1f72 MT |
201 | |
202 | if (lock_file[0] == 0) | |
203 | return -1; | |
204 | - fd = open(lock_file, O_WRONLY, 0); | |
205 | + fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0); | |
206 | if (fd < 0) { | |
207 | error("Couldn't reopen lock file %s: %m", lock_file); | |
208 | lock_file[0] = 0; |