rpms/make
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- Mark opened files as cloexec to prevent their leaking through fork

Browse Source 
- Resolves: #462090
This commit is contained in:
Petr Machata 2008-09-22 08:42:20 +00:00
parent eb9bbd322e
commit e801fa1472
2 changed files with 67 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
make-3.81-fdleak.patch Normal file
View File

@ -0,0 +1,60 @@
diff -urp make-3.81/read.c make-3.81-leak/read.c
--- make-3.81/read.c 2006-03-17 15:24:20.000000000 +0100
+++ make-3.81-leak/read.c 2008-09-16 16:43:12.000000000 +0200
@@ -296,6 +300,37 @@ restore_conditionals (struct conditional
conditionals = saved;
}
+/* If possible, open the file and mark it close-on-exec, so that make
+ doesn't leak the descriptor to binaries called via $(shell ...).*/
+static FILE *
+open_makefile (char *filename)
+{
+ FILE *fp;
+
+#if HAVE_FDOPEN
+ int fd = open (filename, O_RDONLY);
+ int save;
+ if (fd < 0)
+ return NULL;
+
+ fp = fdopen (fd, "r");
+ if (fp == NULL)
+ {
+ save = errno;
+ close (fd);
+ errno = save;
+ return NULL;
+ }
+
+ CLOSE_ON_EXEC (fd);
+
+#else
+ fp = fopen (filename, "r");
+#endif
+
+ return fp;
+}
+
static int
eval_makefile (char *filename, int flags)
{
@@ -335,7 +376,8 @@ eval_makefile (char *filename, int flags
filename = expanded;
}
- ebuf.fp = fopen (filename, "r");
+ ebuf.fp = open_makefile (filename);
+
/* Save the error code so we print the right message later. */
makefile_errno = errno;
@@ -348,7 +390,7 @@ eval_makefile (char *filename, int flags
for (i = 0; include_directories[i] != 0; ++i)
{
included = concat (include_directories[i], "/", filename);
- ebuf.fp = fopen (included, "r");
+ ebuf.fp = open_makefile (included);
if (ebuf.fp)
{
filename = included;

8
make.spec
View File

@ -3,7 +3,7 @@ Summary: A GNU tool which simplifies the build process for users
Name: make Name: make
Epoch: 1 Epoch: 1
Version: 3.81 Version: 3.81
Release: 12%{?dist} Release: 13%{?dist}
License: GPLv2+ License: GPLv2+
Group: Development/Tools Group: Development/Tools
URL: http://www.gnu.org/software/make/ URL: http://www.gnu.org/software/make/
@ -16,6 +16,7 @@ Patch7: make-3.81-memory.patch
Patch8: make-3.81-rlimit.patch Patch8: make-3.81-rlimit.patch
Patch9: make-3.81-newlines.patch Patch9: make-3.81-newlines.patch
Patch10: make-3.81-jobserver.patch Patch10: make-3.81-jobserver.patch
Patch11: make-3.81-fdleak.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires(post): /sbin/install-info Requires(post): /sbin/install-info
Requires(preun): /sbin/install-info Requires(preun): /sbin/install-info
@ -38,6 +39,7 @@ makefile.
%patch8 -p1 %patch8 -p1
%patch9 -p1 %patch9 -p1
%patch10 -p1 %patch10 -p1
%patch11 -p1
%build %build
%configure %configure
@ -76,6 +78,10 @@ fi
%{_infodir}/*.info* %{_infodir}/*.info*
%changelog %changelog
* Tue Sep 16 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-13
- Mark opened files as cloexec to prevent their leaking through fork
- Resolves: #462090
* Tue Mar 25 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-12 * Tue Mar 25 2008 Petr Machata <pmachata@redhat.com> - 1:3.81-12
- Fix the rlimit patch. The success flag is kept in memory shared - Fix the rlimit patch. The success flag is kept in memory shared
with parent process after vfork, and so cannot be reset. with parent process after vfork, and so cannot be reset.