From 243fc987f15b4e280acb089b6f476de204cb7def Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Tue, 10 Jan 2017 20:06:08 +0100
Subject: [PATCH] Close /dev/{random,urandom} on exec

This prevents the descriptors from leaking to programs that are executed.

Fixes https://gitlab.com/cryptsetup/cryptsetup/issues/313
---
 lib/random.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/random.c b/lib/random.c
index cb772f4..12040dc 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -152,13 +152,13 @@ int crypt_random_init(struct crypt_device *ctx)
 
 	/* Used for CRYPT_RND_NORMAL */
 	if(urandom_fd == -1)
-		urandom_fd = open(URANDOM_DEVICE, O_RDONLY);
+		urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
 	if(urandom_fd == -1)
 		goto fail;
 
 	/* Used for CRYPT_RND_KEY */
 	if(random_fd == -1)
-		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK);
+		random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
 	if(random_fd == -1)
 		goto fail;
 
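Review bot: Both open() calls in this hunk now require O_CLOEXEC, which is a POSIX.1-2008 flag, and there is no fallback for a libc that does not define it, so on such a platform the file stops compiling instead of degrading to the previous behaviour. Defining the flag to 0 under `#ifndef O_CLOEXEC` would restore the build but silently lose the fix, so the portable path that keeps the descriptors closed on exec is `fcntl(fd, F_SETFD, FD_CLOEXEC)` after each successful open, guarded by that same `#ifndef`. The flag only acts across exec, so a forked child that never execs still inherits both descriptors, which appears to be within the issue's stated scope. crypt_random_init continues outside the hunk, including the `fail:` label the new lines jump to.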
-- 
2.11.0