Diffstat (limited to '0044-tools-xl-Open-xldevd.log-with-O_CLOEXEC.patch')
-rw-r--r-- | 0044-tools-xl-Open-xldevd.log-with-O_CLOEXEC.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/0044-tools-xl-Open-xldevd.log-with-O_CLOEXEC.patch b/0044-tools-xl-Open-xldevd.log-with-O_CLOEXEC.patch
new file mode 100644
index 0000000..39dc3eb
--- /dev/null
+++ b/0044-tools-xl-Open-xldevd.log-with-O_CLOEXEC.patch
@@ -0,0 +1,53 @@
+From 2b3bf02c4f5e44d7d7bd3636530c9ebc837dea87 Mon Sep 17 00:00:00 2001
+From: Andrew Cooper <andrew.cooper3@citrix.com>
+Date: Thu, 4 Jul 2024 14:11:36 +0200
+Subject: [PATCH 44/56] tools/xl: Open xldevd.log with O_CLOEXEC
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+`xl devd` has been observed leaking /var/log/xldevd.log into children.
+
+Note this is specifically safe; dup2() leaves O_CLOEXEC disabled on newfd, so
+after setting up stdout/stderr, it's only the logfile fd which will close on
+exec().
+
+Link: https://github.com/QubesOS/qubes-issues/issues/8292
+Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com>
+Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
+Reviewed-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
+Reviewed-by: Demi Marie Obenour <demi@invisiblethingslab.com>
+Acked-by: Anthony PERARD <anthony.perard@vates.tech>
+master commit: ba52b3b624e4a1a976908552364eba924ca45430
+master date: 2024-06-24 16:22:59 +0100
+---
+ tools/xl/xl_utils.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/tools/xl/xl_utils.c b/tools/xl/xl_utils.c
+index 17489d1829..b0d23b2cdb 100644
+--- a/tools/xl/xl_utils.c
++++ b/tools/xl/xl_utils.c
+@@ -27,6 +27,10 @@
+ #include "xl.h"
+ #include "xl_utils.h"
+
++#ifndef O_CLOEXEC
++#define O_CLOEXEC 0
++#endif
++
+ void dolog(const char *file, int line, const char *func, const char *fmt, ...)
+ {
+ va_list ap;
+@@ -270,7 +274,7 @@ int do_daemonize(const char *name, const char *pidfile)
+ exit(-1);
+ }
+
+- CHK_SYSCALL(logfile = open(fullname, O_WRONLY|O_CREAT|O_APPEND, 0644));
++ CHK_SYSCALL(logfile = open(fullname, O_WRONLY | O_CREAT | O_APPEND | O_CLOEXEC, 0644));
+ free(fullname);
+ assert(logfile >= 3);
+
+--
+2.45.2
+ |
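Review bot: The `#define O_CLOEXEC 0` fallback in the xl_utils.c change this patch carries turns the fix into a silent no-op on any build whose headers lack O_CLOEXEC: the open() in do_daemonize() would compile cleanly and still hand the xldevd.log descriptor to exec'd children. If such platforms matter, setting the flag explicitly after the open, e.g. `CHK_SYSCALL(fcntl(logfile, F_SETFD, FD_CLOEXEC));`, would keep the protection there; otherwise a comment on the fallback stating that it deliberately leaves the descriptor inheritable would make the gap visible to the next reader. Going by the commit message, only the dedicated logfile fd is covered either way, since stdout/stderr are dup2()'d onto the log and stay inheritable by design. do_daemonize()'s body starts and ends outside the inner hunk, so whether the descriptor is closed or re-flagged later cannot be confirmed from here.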