From d035e5bb78cb8ac0672f4644854db8a75bc1e2d8 Mon Sep 17 00:00:00 2001
From: Mike Frysinger
Date: Sat, 23 Jun 2012 19:30:10 -0400
Subject: libsandbox: do not leak file handles from tracing checks

Make sure we use O_CLOEXEC, and clean things up before forking off a tracing process.

Signed-off-by: Mike Frysinger
---
 libsandbox/wrapper-funcs/__wrapper_exec.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

(limited to 'libsandbox')

diff --git a/libsandbox/wrapper-funcs/__wrapper_exec.c b/libsandbox/wrapper-funcs/__wrapper_exec.c
index bbdb103..c3536c3 100644
--- a/libsandbox/wrapper-funcs/__wrapper_exec.c
+++ b/libsandbox/wrapper-funcs/__wrapper_exec.c
@@ -26,8 +26,9 @@ static void sb_check_exec(const char *filename, char *const argv[])
 int fd;
 unsigned char *elf;
 struct stat st;
+ bool do_trace = false;
- fd = open(filename, O_RDONLY);
+ fd = open(filename, O_RDONLY|O_CLOEXEC);
 if (fd == -1) return;
 if (stat(filename, &st))
@@ -64,8 +65,8 @@ static void sb_check_exec(const char *filename, char *const argv[])
 else PARSE_ELF(64);
- /* We only support tracing of host personality atm */
- trace_main(filename, argv);
+ do_trace = true;
+ /* Now that we're done with stuff, clean up before forking */
 done:
@@ -73,6 +74,9 @@ static void sb_check_exec(const char *filename, char *const argv[])
 munmap(elf, st.st_size);
 out_fd: close(fd);
+
+ if (do_trace)
+ trace_main(filename, argv);
 }
 static char **_sb_check_envp(char **envp, bool is_environ)
-- 
cgit v1.2.3-65-gdbad
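Review bot: The size lookup right after the changed `open()` in the first hunk still goes through the path, `stat(filename, &st)`, so the file that is measured need not be the one behind `fd` if the path is replaced between the two calls. `st.st_size` is then used as the length in `munmap(elf, st.st_size)` (third hunk) and presumably for the mapping itself, which is outside the visible lines. Querying the descriptor removes that window: `if (fstat(fd, &st))`. Separately, `O_CLOEXEC` is missing from older libc headers, so a fallback definition may be needed if the project builds there; the includes are not part of this diff, so one may already exist.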
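Review bot: The second hunk deletes `/* We only support tracing of host personality atm */`, the only explanation of why tracing is requested after the ELF class checks and not on the paths that jump to `done:`. I would keep that comment directly above `do_trace = true;`. The new comment, "Now that we're done with stuff, clean up before forking", would be clearer if it named what is released and why: going by the commit message, the mapping and `fd` are dropped first because a forked tracer would inherit them, while `O_CLOEXEC` only takes effect at exec. The `if (do_trace)` call added in the third hunk could carry a matching one-liner such as `/* mapping and fd are released; safe to fork the tracer */`. Both hunks are fragments of sb_check_exec, whose body starts and continues outside them.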