diff options
Diffstat (limited to 'main/cryptsetup/0001-Close-dev-random-urandom-on-exec.patch')
-rw-r--r-- | main/cryptsetup/0001-Close-dev-random-urandom-on-exec.patch | 35 |
1 files changed, 0 insertions, 35 deletions
diff --git a/main/cryptsetup/0001-Close-dev-random-urandom-on-exec.patch b/main/cryptsetup/0001-Close-dev-random-urandom-on-exec.patch deleted file mode 100644 index b250fd332b..0000000000 --- a/main/cryptsetup/0001-Close-dev-random-urandom-on-exec.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 243fc987f15b4e280acb089b6f476de204cb7def Mon Sep 17 00:00:00 2001 -From: Natanael Copa <ncopa@alpinelinux.org> -Date: Tue, 10 Jan 2017 20:06:08 +0100 -Subject: [PATCH] Close /dev/{random,urandom} on exec - -This prevents the descriptors to leak to programs that are executed. - -Fixes https://gitlab.com/cryptsetup/cryptsetup/issues/313 ---- - lib/random.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/lib/random.c b/lib/random.c -index cb772f4..12040dc 100644 ---- a/lib/random.c -+++ b/lib/random.c -@@ -152,13 +152,13 @@ int crypt_random_init(struct crypt_device *ctx) - - /* Used for CRYPT_RND_NORMAL */ - if(urandom_fd == -1) -- urandom_fd = open(URANDOM_DEVICE, O_RDONLY); -+ urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC); - if(urandom_fd == -1) - goto fail; - - /* Used for CRYPT_RND_KEY */ - if(random_fd == -1) -- random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK); -+ random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC); - if(random_fd == -1) - goto fail; - --- -2.11.0 - |