From: Sami Kerola <kerolasa@iki.fi>
Date: Sun, 3 Dec 2017 12:51:14 +0000 (+0000)
Subject: vipw: do not let editor to inherit open file descriptors
X-Git-Tag: v2.32-rc1~149
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2;p=thirdparty%2Futil-linux.git

vipw: do not let editor to inherit open file descriptors

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---

diff --git a/login-utils/vipw.c b/login-utils/vipw.c
index b7650de8b9..9b76969427 100644
--- a/login-utils/vipw.c
+++ b/login-utils/vipw.c
@@ -257,7 +257,7 @@ static void edit_file(int is_shadow)
 	if (lckpwdf() < 0)
 		err(EXIT_FAILURE, _("cannot get lock"));
 
-	passwd_file = open(orig_file, O_RDONLY, 0);
+	passwd_file = open(orig_file, O_RDONLY | O_CLOEXEC, 0);
 	if (passwd_file < 0)
 		err(EXIT_FAILURE, _("cannot open %s"), orig_file);
 	tmp_fd = pw_tmpfile(passwd_file);
@@ -275,7 +275,7 @@ static void edit_file(int is_shadow)
 	if (end.st_nlink == 0) {
 		if (close_stream(tmp_fd) != 0)
 			err(EXIT_FAILURE, _("write error"));
-		tmp_fd = fopen(tmp_file, "r");
+		tmp_fd = fopen(tmp_file, "r" UL_CLOEXECSTR);
 		if (!tmp_fd)
 			err(EXIT_FAILURE, _("cannot open %s"), tmp_file);
 		if (fstat(fileno(tmp_fd), &end))