vipw: do not let editor to inherit open file descriptors
authorSami Kerola <kerolasa@iki.fi>
Sun, 3 Dec 2017 12:51:14 +0000 (12:51 +0000)
committerKarel Zak <kzak@redhat.com>
Thu, 14 Dec 2017 14:44:29 +0000 (15:44 +0100)
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
login-utils/vipw.c

index b7650de8b98c78d658b1ede29b47489e97986f68..9b7696942793d4249c33674448ba503d77275245 100644 (file)
@@ -257,7 +257,7 @@ static void edit_file(int is_shadow)
        if (lckpwdf() < 0)
                err(EXIT_FAILURE, _("cannot get lock"));
 
-       passwd_file = open(orig_file, O_RDONLY, 0);
+       passwd_file = open(orig_file, O_RDONLY | O_CLOEXEC, 0);
        if (passwd_file < 0)
                err(EXIT_FAILURE, _("cannot open %s"), orig_file);
        tmp_fd = pw_tmpfile(passwd_file);
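Review bot: The descriptor that stays in use after this hunk is the stream returned by `pw_tmpfile(passwd_file)`, and nothing visible here shows whether that temporary file is created close-on-exec. When `is_shadow` is set it presumably holds a copy of the shadow database, so it is the handle most worth confirming before the editor is started. If the helper (defined outside this hunk) does not set the flag, `fcntl(fileno(tmp_fd), F_SETFD, FD_CLOEXEC);` directly after the call would close the gap. Separately, the trailing `0` mode argument to `open()` is ignored without `O_CREAT` and could be dropped. The body of edit_file continues outside the hunk.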
@@ -275,7 +275,7 @@ static void edit_file(int is_shadow)
        if (end.st_nlink == 0) {
                if (close_stream(tmp_fd) != 0)
                        err(EXIT_FAILURE, _("write error"));
-               tmp_fd = fopen(tmp_file, "r");
+               tmp_fd = fopen(tmp_file, "r" UL_CLOEXECSTR);
                if (!tmp_fd)
                        err(EXIT_FAILURE, _("cannot open %s"), tmp_file);
                if (fstat(fileno(tmp_fd), &end))
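Review bot: Whether this reopened stream is really close-on-exec depends on what `UL_CLOEXECSTR` expands to, which the hunk does not show. If the macro falls back to an empty string on a libc without the `e` mode flag, the protection is silently absent on that platform. A short comment at the call would make the intent explicit, for example `/* close-on-exec so nothing exec'd later inherits the edited copy */`. Where the flag must hold rather than be best effort, following the `fopen()` with `fcntl(fileno(tmp_fd), F_SETFD, FD_CLOEXEC);` does not depend on the mode string. The enclosing `if` block and edit_file continue past the end of the hunk.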