1 diff -Naur ppp-e1266c7-orig/pppd/eap.c ppp-e1266c7/pppd/eap.c
2 --- ppp-e1266c7-orig/pppd/eap.c 2024-02-13 10:40:56.000000000 +0100
3 +++ ppp-e1266c7/pppd/eap.c 2024-03-15 10:40:53.637190252 +0100
6 if ((path = name_of_pn_file()) == NULL)
8 - fd = open(path, modebits, S_IRUSR | S_IWUSR);
9 + fd = open(path, modebits, S_IRUSR | S_IWUSR | O_CLOEXEC);
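Review bot: `O_CLOEXEC` is OR-ed into the third argument of `open()` in this eap.c hunk, and that argument is the creation mode, not the flags, so the descriptor is still inherited by any program pppd executes. The flag belongs with `modebits`: `fd = open(path, modebits | O_CLOEXEC, S_IRUSR | S_IWUSR);`. Every other call site in this patch adds the flag to the second argument, so this one looks like a slip. The enclosing function starts and ends outside the hunk.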
13 diff -Naur ppp-e1266c7-orig/pppd/main.c ppp-e1266c7/pppd/main.c
14 --- ppp-e1266c7-orig/pppd/main.c 2024-02-13 10:40:56.000000000 +0100
15 +++ ppp-e1266c7/pppd/main.c 2024-03-15 10:41:43.842037617 +0100
19 /* Make sure fds 0, 1, 2 are open to somewhere. */
20 - fd_devnull = open(PPP_DEVNULL, O_RDWR);
21 + fd_devnull = open(PPP_DEVNULL, O_RDWR | O_CLOEXEC);
23 fatal("Couldn't open %s: %m", PPP_DEVNULL);
24 while (fd_devnull <= 2) {
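Review bot: Opening `PPP_DEVNULL` with `O_CLOEXEC` interacts badly with the `while (fd_devnull <= 2)` loop that follows. When `open()` itself returns 0, 1 or 2, that standard descriptor now carries close-on-exec and is closed in every exec'd child, which works against the comment's aim of keeping fds 0-2 open. The loop body is outside the hunk; if it duplicates with `dup()`, the copies do not inherit `FD_CLOEXEC`, so the final `fd_devnull` would be left inheritable as well. A safer order is to open without the flag and set it once the loop is done, e.g. `fcntl(fd_devnull, F_SETFD, FD_CLOEXEC);` after the closing brace.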
25 diff -Naur ppp-e1266c7-orig/pppd/options.c ppp-e1266c7/pppd/options.c
26 --- ppp-e1266c7-orig/pppd/options.c 2024-02-13 10:40:56.000000000 +0100
27 +++ ppp-e1266c7/pppd/options.c 2024-03-15 10:43:02.867753370 +0100
29 ppp_option_error("unable to drop permissions to open %s: %m", *argv);
32 - fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
33 + fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL | O_CLOEXEC, 0644);
34 if (fd < 0 && errno == EEXIST)
35 - fd = open(*argv, O_WRONLY | O_APPEND);
36 + fd = open(*argv, O_WRONLY | O_APPEND | O_CLOEXEC);
38 if (!privileged_option && seteuid(euid) == -1)
39 fatal("unable to regain privileges: %m");
40 diff -Naur ppp-e1266c7-orig/pppd/sys-linux.c ppp-e1266c7/pppd/sys-linux.c
41 --- ppp-e1266c7-orig/pppd/sys-linux.c 2024-02-13 10:40:56.000000000 +0100
42 +++ ppp-e1266c7/pppd/sys-linux.c 2024-03-15 10:49:59.310297165 +0100
46 dbglog("using channel %d", chindex);
47 - fd = open("/dev/ppp", O_RDWR);
48 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
50 error("Couldn't reopen /dev/ppp: %m");
53 dbglog("in make_ppp_unit, already had /dev/ppp open?");
56 - ppp_dev_fd = open("/dev/ppp", O_RDWR);
57 + ppp_dev_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
59 fatal("Couldn't open /dev/ppp: %m");
60 flags = fcntl(ppp_dev_fd, F_GETFL);
62 if (!new_style_driver)
65 - master_fd = open("/dev/ppp", O_RDWR);
66 + master_fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
68 fatal("Couldn't open /dev/ppp: %m");
69 if (ioctl(master_fd, PPPIOCATTACH, &ifnum) < 0) {
72 forw_path = path_to_procfs("/sys/net/ipv4/ip_forward");
74 - int fd = open(forw_path, O_WRONLY);
75 + int fd = open(forw_path, O_WRONLY | O_CLOEXEC);
77 if (write(fd, "1", 1) != 1)
78 error("Couldn't enable IP forwarding: %m");
80 sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch);
81 kernel_version = KVERSION(osmaj, osmin, ospatch);
83 - fd = open("/dev/ppp", O_RDWR);
84 + fd = open("/dev/ppp", O_RDWR | O_CLOEXEC);
90 updwtmp(_PATH_WTMP, &ut);
92 - wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY);
93 + wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY|O_CLOEXEC);
100 path = path_to_procfs("/sys/net/ipv4/ip_dynaddr");
101 - if (path != 0 && (fd = open(path, O_WRONLY)) >= 0) {
102 + if (path != 0 && (fd = open(path, O_WRONLY | O_CLOEXEC)) >= 0) {
103 if (write(fd, "1", 1) != 1)
104 error("Couldn't enable dynamic IP addressing: %m");
106 @@ -3542,7 +3542,7 @@
108 * Try the unix98 way first.
110 - mfd = open("/dev/ptmx", O_RDWR);
111 + mfd = open("/dev/ptmx", O_RDWR | O_CLOEXEC);
114 if (ioctl(mfd, TIOCGPTN, &ptn) >= 0) {
115 @@ -3553,7 +3553,8 @@
116 if (ioctl(mfd, TIOCSPTLCK, &ptn) < 0)
117 warn("Couldn't unlock pty slave %s: %m", pty_name);
119 - if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
121 + if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
123 warn("Couldn't open pty slave %s: %m", pty_name);
125 @@ -3567,10 +3568,10 @@
126 for (i = 0; i < 64; ++i) {
127 slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
128 'p' + i / 16, i % 16);
129 - mfd = open(pty_name, O_RDWR, 0);
130 + mfd = open(pty_name, O_RDWR | O_CLOEXEC, 0);
133 - sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
134 + sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC, 0);
136 ret = fchown(sfd, uid, -1);
138 diff -Naur ppp-e1266c7-orig/pppd/tdb.c ppp-e1266c7/pppd/tdb.c
139 --- ppp-e1266c7-orig/pppd/tdb.c 2024-02-13 10:40:56.000000000 +0100
140 +++ ppp-e1266c7/pppd/tdb.c 2024-03-15 10:51:25.182882191 +0100
141 @@ -1732,7 +1732,7 @@
145 - if ((tdb->fd = open(name, open_flags, mode)) == -1) {
146 + if ((tdb->fd = open(name, open_flags | O_CLOEXEC, mode)) == -1) {
147 if ((open_flags & O_CREAT) && errno == ENOENT &&
148 mkdir_recursive(PPP_PATH_VARRUN) == 0)
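Review bot: The retry path of this open may not be covered. The hunk header announces seven lines but only five are shown, and the `mkdir_recursive(PPP_PATH_VARRUN) == 0` condition ends on a statement that is not visible here. If that statement calls `open(name, open_flags, mode)` again, a database created on the retry gets a descriptor without close-on-exec, so it needs the same `open_flags | O_CLOEXEC`. OR-ing the flag into `open_flags` once before the first call would cover both calls without repeating it.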
150 @@ -1979,7 +1979,7 @@
152 if (close(tdb->fd) != 0)
153 TDB_LOG((tdb, 0, "tdb_reopen: WARNING closing tdb->fd failed!\n"));
154 - tdb->fd = open(tdb->name, tdb->open_flags & ~(O_CREAT|O_TRUNC), 0);
155 + tdb->fd = open(tdb->name, (tdb->open_flags & ~(O_CREAT|O_TRUNC)) | O_CLOEXEC, 0);
157 TDB_LOG((tdb, 0, "tdb_reopen: open failed (%s)\n", strerror(errno)));
159 diff -Naur ppp-e1266c7-orig/pppd/tty.c ppp-e1266c7/pppd/tty.c
160 --- ppp-e1266c7-orig/pppd/tty.c 2024-02-13 10:40:56.000000000 +0100
161 +++ ppp-e1266c7/pppd/tty.c 2024-03-15 10:52:35.828341901 +0100
163 ppp_set_status(EXIT_OPEN_FAILED);
166 - real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
167 + real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR | O_CLOEXEC, 0);
169 if (prio < OPRIO_ROOT && seteuid(0) == -1)
170 fatal("Unable to regain privileges");
172 if (connector == NULL && modem && devnam[0] != 0) {
175 - if ((i = open(devnam, O_RDWR)) >= 0)
176 + if ((i = open(devnam, O_RDWR | O_CLOEXEC)) >= 0)
178 if (errno != EINTR) {
179 error("Failed to reopen %s: %m", devnam);
180 diff -Naur ppp-e1266c7-orig/pppd/utils.c ppp-e1266c7/pppd/utils.c
181 --- ppp-e1266c7-orig/pppd/utils.c 2024-02-13 10:40:56.000000000 +0100
182 +++ ppp-e1266c7/pppd/utils.c 2024-03-15 10:55:27.176832115 +0100
183 @@ -926,14 +926,14 @@
184 slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
187 - while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
188 + while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR | O_CLOEXEC, 0644)) < 0) {
189 if (errno != EEXIST) {
190 error("Can't create lock file %s: %m", lock_file);
194 /* Read the lock file to find out who has the device locked. */
195 - fd = open(lock_file, O_RDONLY, 0);
196 + fd = open(lock_file, O_RDONLY | O_CLOEXEC, 0);
198 if (errno == ENOENT) /* This is just a timing problem. */
200 @@ -1016,7 +1016,7 @@
202 if (lock_file[0] == 0)
204 - fd = open(lock_file, O_WRONLY, 0);
205 + fd = open(lock_file, O_WRONLY | O_CLOEXEC, 0);
207 error("Couldn't reopen lock file %s: %m", lock_file);