From: Tobias Stoeckmann <tobias@stoeckmann.org>
Date: Mon, 6 Jan 2025 16:24:13 +0000 (+0100)
Subject: lib/: Set O_CLOEXEC for static FILE handles
X-Git-Tag: 4.17.2~2
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=aebc4dd8c69fbd06442e10b4e107f64b45d855da;p=thirdparty%2Fshadow.git

lib/: Set O_CLOEXEC for static FILE handles

With glibc we can use "e" in mode argument to set O_CLOEXEC on
opened files. The /etc/shadow and /etc/gshadow file handles should
be protected to make sure that they are never passed to child
processes by accident.

Reviewed-by: Alejandro Colomar <alx@kernel.org>
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
---

diff --git a/lib/gshadow.c b/lib/gshadow.c
index e66704a2f..072166f63 100644
--- a/lib/gshadow.c
+++ b/lib/gshadow.c
@@ -55,7 +55,7 @@ void setsgent (void)
 	if (NULL != shadow) {
 		rewind (shadow);
 	} else {
-		shadow = fopen (SGROUP_FILE, "r");
+		shadow = fopen (SGROUP_FILE, "re");
 	}
 }
 
diff --git a/lib/shadow.c b/lib/shadow.c
index 3bacd204c..cc1edc96c 100644
--- a/lib/shadow.c
+++ b/lib/shadow.c
@@ -41,7 +41,7 @@ void setspent (void)
 	if (NULL != shadow) {
 		rewind (shadow);
 	}else {
-		shadow = fopen (SHADOW_FILE, "r");
+		shadow = fopen (SHADOW_FILE, "re");
 	}
 }