mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-11 05:33:47 +01:00
Initial work to set CLOEXEC on all possible fds
Still to go: some pipes, all stdio files.
This commit is contained in:
parent
e361de80bb
commit
5a66de7015
@ -250,6 +250,7 @@ dnl Check for functions before libevent, since libevent-1.2 apparently
|
||||
dnl exports strlcpy without defining it in a header.
|
||||
|
||||
AC_CHECK_FUNCS(
|
||||
accept4 \
|
||||
flock \
|
||||
ftime \
|
||||
getaddrinfo \
|
||||
|
@ -101,6 +101,23 @@
|
||||
#include "strlcat.c"
|
||||
#endif
|
||||
|
||||
/** As open(path, flags, mode), but return an fd with the close-on-exec mode
|
||||
* set. */
|
||||
int
|
||||
tor_open_cloexec(const char *path, int flags, unsigned mode)
|
||||
{
|
||||
#ifdef O_CLOEXEC
|
||||
return open(path, flags|O_CLOEXEC, mode);
|
||||
#else
|
||||
int fd = open(path, flags, mode);
|
||||
#ifdef FD_CLOEXEC
|
||||
if (fd >= 0)
|
||||
fcntl(s, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
return fd;
|
||||
#endif
|
||||
}
|
||||
|
||||
#ifdef HAVE_SYS_MMAN_H
|
||||
/** Try to create a memory mapping for <b>filename</b> and return it. On
|
||||
* failure, return NULL. Sets errno properly, using ERANGE to mean
|
||||
@ -116,7 +133,7 @@ tor_mmap_file(const char *filename)
|
||||
|
||||
tor_assert(filename);
|
||||
|
||||
fd = open(filename, O_RDONLY, 0);
|
||||
fd = tor_open_cloexec(filename, O_RDONLY, 0);
|
||||
if (fd<0) {
|
||||
int save_errno = errno;
|
||||
int severity = (errno == ENOENT) ? LOG_INFO : LOG_WARN;
|
||||
@ -685,7 +702,7 @@ tor_lockfile_lock(const char *filename, int blocking, int *locked_out)
|
||||
*locked_out = 0;
|
||||
|
||||
log_info(LD_FS, "Locking \"%s\"", filename);
|
||||
fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
|
||||
fd = tor_open_cloexec(filename, O_RDWR|O_CREAT|O_TRUNC, 0600);
|
||||
if (fd < 0) {
|
||||
log_warn(LD_FS,"Couldn't open \"%s\" for locking: %s", filename,
|
||||
strerror(errno));
|
||||
@ -904,8 +921,15 @@ mark_socket_open(int s)
|
||||
int
|
||||
tor_open_socket(int domain, int type, int protocol)
|
||||
{
|
||||
int s = socket(domain, type, protocol);
|
||||
int s;
|
||||
#ifdef SOCK_CLOEXEC
|
||||
type |= SOCK_CLOEXEC;
|
||||
#endif
|
||||
s = socket(domain, type, protocol);
|
||||
if (s >= 0) {
|
||||
#ifdef FD_CLOEXEC
|
||||
fcntl(s, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
socket_accounting_lock();
|
||||
++n_sockets_open;
|
||||
mark_socket_open(s);
|
||||
@ -918,8 +942,17 @@ tor_open_socket(int domain, int type, int protocol)
|
||||
int
|
||||
tor_accept_socket(int sockfd, struct sockaddr *addr, socklen_t *len)
|
||||
{
|
||||
int s = accept(sockfd, addr, len);
|
||||
int s;
|
||||
#if defined(HAVE_ACCEPT4) && defined(SOCK_CLOEXEC)
|
||||
#define LINUX_CLOEXEC_ACCEPT
|
||||
s = accept4(sockfd, addr, len, SOCK_CLOEXEC);
|
||||
#else
|
||||
s = accept(sockfd, addr, len);
|
||||
#endif
|
||||
if (s >= 0) {
|
||||
#if !defined(LINUX_CLOEXEC_ACCEPT) && defined(FD_CLOEXEC)
|
||||
fcntl(s, F_SETFD, FD_CLOEXEC);
|
||||
#endif
|
||||
socket_accounting_lock();
|
||||
++n_sockets_open;
|
||||
mark_socket_open(s);
|
||||
|
@ -340,6 +340,9 @@ struct tm *tor_gmtime_r(const time_t *timep, struct tm *result);
|
||||
((tvp)->tv_sec cmp (uvp)->tv_sec))
|
||||
|
||||
/* ===== File compatibility */
|
||||
|
||||
int tor_open_cloexec(const char *path, int flags, unsigned mode);
|
||||
|
||||
int replace_file(const char *from, const char *to);
|
||||
int touch_file(const char *fname);
|
||||
|
||||
|
@ -1814,7 +1814,7 @@ start_writing_to_file(const char *fname, int open_flags, int mode,
|
||||
if (open_flags & O_BINARY)
|
||||
new_file->binary = 1;
|
||||
|
||||
new_file->fd = open(open_name, open_flags, mode);
|
||||
new_file->fd = tor_open_cloexec(open_name, open_flags, mode);
|
||||
if (new_file->fd < 0) {
|
||||
log_warn(LD_FS, "Couldn't open \"%s\" (%s) for writing: %s",
|
||||
open_name, fname, strerror(errno));
|
||||
@ -2035,7 +2035,7 @@ read_file_to_str(const char *filename, int flags, struct stat *stat_out)
|
||||
|
||||
tor_assert(filename);
|
||||
|
||||
fd = open(filename,O_RDONLY|(bin?O_BINARY:O_TEXT),0);
|
||||
fd = tor_open_cloexec(filename,O_RDONLY|(bin?O_BINARY:O_TEXT),0);
|
||||
if (fd<0) {
|
||||
int severity = LOG_WARN;
|
||||
int save_errno = errno;
|
||||
@ -2735,7 +2735,7 @@ finish_daemon(const char *desired_cwd)
|
||||
exit(1);
|
||||
}
|
||||
|
||||
nullfd = open("/dev/null", O_RDWR);
|
||||
nullfd = tor_open_cloexec("/dev/null", O_RDWR, 0);
|
||||
if (nullfd < 0) {
|
||||
log_err(LD_GENERAL,"/dev/null can't be opened. Exiting.");
|
||||
exit(1);
|
||||
|
@ -1752,10 +1752,10 @@ get_pf_socket(void)
|
||||
|
||||
#ifdef OPENBSD
|
||||
/* only works on OpenBSD */
|
||||
pf = open("/dev/pf", O_RDONLY);
|
||||
pf = tor_open_cloexec("/dev/pf", O_RDONLY, 0);
|
||||
#else
|
||||
/* works on NetBSD and FreeBSD */
|
||||
pf = open("/dev/pf", O_RDWR);
|
||||
pf = tor_open_cloexec("/dev/pf", O_RDWR, 0);
|
||||
#endif
|
||||
|
||||
if (pf < 0) {
|
||||
|
@ -3035,7 +3035,7 @@ evdns_resolv_conf_parse(int flags, const char *const filename) {
|
||||
|
||||
log(EVDNS_LOG_DEBUG, "Parsing resolv.conf file %s", filename);
|
||||
|
||||
fd = open(filename, O_RDONLY);
|
||||
fd = tor_open_cloexec(filename, O_RDONLY, 0);
|
||||
if (fd < 0) {
|
||||
evdns_resolv_set_defaults(flags);
|
||||
return 1;
|
||||
|
Loading…
Reference in New Issue
Block a user