Open /dev/vsock with O_RDONLY.

There is no reason to open the device node for writes because we only
ever call ioctl(2) on it and none of the ioctls require write
permissions. This allows our more security concious customers to
restrict the permissions on the device without breaking functionality.

Signed-off-by: Dmitry Torokhov <dtor@vmware.com>

diff --git a/open-vm-tools/lib/include/vmci_sockets.h b/open-vm-tools/lib/include/vmci_sockets.h
index e31f39e74eb206a36a753af70895a9c91731bf0b..e45e20ddd5a27013a75dbfd0288cd7004c77216c 100644 (file)
--- a/open-vm-tools/lib/include/vmci_sockets.h
+++ b/open-vm-tools/lib/include/vmci_sockets.h
@@ -559,9 +559,9 @@ struct uuid_2_cid {
       int fd;
       unsigned int version;
 
-      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
       if (fd < 0) {
-         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
          if (fd < 0) {
             return VMCI_SOCKETS_INVALID_VERSION;
          }
@@ -644,9 +644,9 @@ struct uuid_2_cid {
 #undef AF_VSOCK_LOCAL
 #endif // linux
 
-      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
       if (fd < 0) {
-         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
          if (fd < 0) {
             return -1;
          }
@@ -765,9 +765,9 @@ struct uuid_2_cid {
       int fd;
       unsigned int contextId;
 
-      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
       if (fd < 0) {
-         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
          if (fd < 0) {
             return VMADDR_CID_ANY;
          }
@@ -818,9 +818,9 @@ struct uuid_2_cid {
       int fd;
       struct uuid_2_cid io;
 
-      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+      fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
       if (fd < 0) {
-         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+         fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
          if (fd < 0) {
             return VMADDR_CID_ANY;
          }