From: VMware, Inc <>
Date: Fri, 12 Apr 2013 19:57:30 +0000 (-0700)
Subject: Open /dev/vsock with O_RDONLY.
X-Git-Tag: 2013.04.16-1098359~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cf2aba89fb68af09533b1708ff323141853b6ef9;p=thirdparty%2Fopen-vm-tools.git
Open /dev/vsock with O_RDONLY.
There is no reason to open the device node for writes because we only ever call ioctl(2) on it and none of the ioctls require write permissions. This allows our more security concious customers to restrict the permissions on the device without breaking functionality.
Signed-off-by: Dmitry Torokhov
---
diff --git a/open-vm-tools/lib/include/vmci_sockets.h b/open-vm-tools/lib/include/vmci_sockets.h
index e31f39e74..e45e20ddd 100644
--- a/open-vm-tools/lib/include/vmci_sockets.h
+++ b/open-vm-tools/lib/include/vmci_sockets.h
@@ -559,9 +559,9 @@ struct uuid_2_cid {
 int fd;
 unsigned int version;

- fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
 if (fd < 0) {
- fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
 if (fd < 0) {
 return VMCI_SOCKETS_INVALID_VERSION;
 }
@@ -644,9 +644,9 @@ struct uuid_2_cid {
 #undef AF_VSOCK_LOCAL
 #endif // linux

- fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
 if (fd < 0) {
- fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
 if (fd < 0) {
 return -1;
 }
@@ -765,9 +765,9 @@ struct uuid_2_cid {
 int fd;
 unsigned int contextId;

- fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
 if (fd < 0) {
- fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
 if (fd < 0) {
 return VMADDR_CID_ANY;
 }
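Review bot: Both `open()` calls in the hunk at -559 (and the same pair in the hunks at -644, -765 and -818) create the descriptor without `O_CLOEXEC`, so in a multi-threaded caller a concurrent fork/exec can inherit an open handle to the vsock device while it is live. Since the commit's goal is to let administrators tighten access to the node, passing `O_RDONLY | O_CLOEXEC` keeps the handle from reaching child processes that may not have been granted that access. This assumes every supported platform defines the flag, which needs confirming; otherwise guard it with `#ifdef O_CLOEXEC`. The enclosing function starts and ends outside the hunk, so the lifetime of `fd` is inferred rather than visible.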
@@ -818,9 +818,9 @@ struct uuid_2_cid {
 int fd;
 struct uuid_2_cid io;

- fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);
 if (fd < 0) {
- fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDWR);
+ fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
 if (fd < 0) {
 return VMADDR_CID_ANY;
 }
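Review bot: This is the fourth verbatim copy of the open-with-fallback sequence (the hunks at -559, -644 and -765 carry the other three), which is why a one-flag change had to touch eight lines. A copy missed in a later change would leave one path requesting more access to the device than the others. Pulling the two `open()` calls into one `static inline` helper puts the access mode in a single place, while each caller keeps its own failure value, e.g. `fd = VMCISock_OpenDevice(); if (fd < 0) { return VMADDR_CID_ANY; }`. The helper name is only a suggestion, and the enclosing function starts and ends outside the hunk.

```c
/*
 * Open the vsock control device, falling back to the classic ESX node.
 * Read-only is sufficient: the descriptor is only used for ioctl(2).
 * Returns the descriptor, or a negative value if neither node opens.
 */
static inline int
VMCISock_OpenDevice(void)
{
   int fd = open(VMCI_SOCKETS_DEFAULT_DEVICE, O_RDONLY);

   if (fd < 0) {
      fd = open(VMCI_SOCKETS_CLASSIC_ESX_DEVICE, O_RDONLY);
   }
   return fd;
}
```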