lib/: Set O_CLOEXEC for static FILE handles

With glibc we can use "e" in mode argument to set O_CLOEXEC on
opened files. The /etc/shadow and /etc/gshadow file handles should
be protected to make sure that they are never passed to child
processes by accident.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>

diff --git a/lib/gshadow.c b/lib/gshadow.c
index e66704a2f367e7be9a550e5a092e2df42b2dc161..072166f63e9616f9626b1b55106ed538ec33d7b1 100644 (file)
--- a/lib/gshadow.c
+++ b/lib/gshadow.c
@@ -55,7 +55,7 @@ void setsgent (void)
        if (NULL != shadow) {
                rewind (shadow);
        } else {
-               shadow = fopen (SGROUP_FILE, "r");
+               shadow = fopen (SGROUP_FILE, "re");
        }
 }
 

diff --git a/lib/shadow.c b/lib/shadow.c
index 3bacd204c3844366257307aed135093ecd81a0b3..cc1edc96c92fed006352ee9d0b3c392a4cde2684 100644 (file)
--- a/lib/shadow.c
+++ b/lib/shadow.c
@@ -41,7 +41,7 @@ void setspent (void)
        if (NULL != shadow) {
                rewind (shadow);
        }else {
-               shadow = fopen (SHADOW_FILE, "r");
+               shadow = fopen (SHADOW_FILE, "re");
        }
 }