diff options
author | Stephen Hemminger <shemminger@vyatta.com> | 2012-07-11 09:29:22 -0700 |
---|---|---|
committer | Stephen Hemminger <shemminger@vyatta.com> | 2012-07-11 11:52:47 -0700 |
commit | 8ebd82645a8503ec1b8464586e5c19c18c009f06 (patch) | |
tree | 955485024bcb20545e1c061f83777186baababb7 /src/cstore | |
parent | 628e456b5fc2c11cd474546461d1458a17d4ab56 (diff) | |
download | vyatta-cfg-8ebd82645a8503ec1b8464586e5c19c18c009f06.tar.gz vyatta-cfg-8ebd82645a8503ec1b8464586e5c19c18c009f06.zip |
Don't leak file descriptors to action
Bug 8204
Make sure we don't handle unnecessary file descriptors to child
processes. This is done by marking file descriptors as close on
exec, and closing pipe before exec.
Diffstat (limited to 'src/cstore')
-rw-r--r-- | src/cstore/unionfs/cstore-unionfs.cpp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cstore/unionfs/cstore-unionfs.cpp b/src/cstore/unionfs/cstore-unionfs.cpp index f8e54d7..7cfe23d 100644 --- a/src/cstore/unionfs/cstore-unionfs.cpp +++ b/src/cstore/unionfs/cstore-unionfs.cpp @@ -20,7 +20,9 @@ #include <fstream> #include <sstream> +#include <unistd.h> #include <errno.h> +#include <fcntl.h> #include <sys/mount.h> #include <cli_cstore.h> @@ -701,7 +703,10 @@ UnionfsCstore::commitConfig(commit::PrioNode& node) bool UnionfsCstore::getCommitLock() { - int fd = creat(C_COMMIT_LOCK_FILE.c_str(), 0777); + int fd; + + fd = open(C_COMMIT_LOCK_FILE.c_str(), + O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666); if (fd < 0) { // should not happen since all commit processes should have write access output_internal("getCommitLock() failed to open lock file\n"); |