diff -up dhcp-4.0.0//client/clparse.c.cloexec dhcp-4.0.0//client/clparse.c --- dhcp-4.0.0//client/clparse.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//client/clparse.c 2008-07-01 17:02:38.000000000 -1000 @@ -221,7 +221,7 @@ int read_client_conf_file (const char *n int token; isc_result_t status; - if ((file = open (name, O_RDONLY)) < 0) + if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) return uerr2isc (errno); cfile = (struct parse *)0; @@ -258,7 +258,7 @@ void read_client_leases () /* Open the lease file. If we can't open it, just return - we can safely trust the server to remember our state. */ - if ((file = open (path_dhclient_db, O_RDONLY)) < 0) + if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) return; cfile = (struct parse *)0; /* new_parse() may fail if the file is of zero length. */ diff -up dhcp-4.0.0//client/dhclient.c.cloexec dhcp-4.0.0//client/dhclient.c --- dhcp-4.0.0//client/dhclient.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//client/dhclient.c 2008-07-01 17:22:06.000000000 -1000 @@ -162,11 +162,11 @@ int main(int argc, char **argv, char **e /* Make sure that file descriptors 0 (stdin), 1, (stdout), and 2 (stderr) are open. To do this, we assume that when we open a file the lowest available file descriptor is used. */ - fd = open("/dev/null", O_RDWR); + fd = open("/dev/null", O_RDWR | O_CLOEXEC); if (fd == 0) - fd = open("/dev/null", O_RDWR); + fd = open("/dev/null", O_RDWR | O_CLOEXEC); if (fd == 1) - fd = open("/dev/null", O_RDWR); + fd = open("/dev/null", O_RDWR | O_CLOEXEC); if (fd == 2) log_perror = 0; /* No sense logging to /dev/null. */ else if (fd != -1) @@ -442,6 +442,19 @@ int main(int argc, char **argv, char **e oldpid = 0; if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { + int fn = fileno(pidfd); + int flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } + e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; @@ -484,6 +497,19 @@ int main(int argc, char **argv, char **e sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { + int fn = fileno(pidfd); + int flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } + e = fscanf(pidfd, "%ld\n", &temp); oldpid = (pid_t)temp; @@ -509,6 +535,19 @@ int main(int argc, char **argv, char **e char procfn[256] = ""; if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { + int fn = fileno(pidfd); + int flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } + if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { snprintf(procfn,256,"/proc/%u",dhcpid); dhc_running = (access(procfn, F_OK) == 0); @@ -2896,6 +2935,7 @@ int leases_written = 0; void rewrite_client_leases () { + int fn, flags; struct interface_info *ip; struct client_state *client; struct client_lease *lp; @@ -2908,9 +2948,17 @@ void rewrite_client_leases () return; } - if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { - log_error ("failed to set close-on-exec for %s", path_dhclient_db); - return; + fn = fileno(leaseFile); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } } /* If there is a default duid, write it out. */ @@ -3005,20 +3053,30 @@ static isc_result_t write_duid(struct data_string *duid) { char *str; - int stat; + int stat, fn, flags; if ((duid == NULL) || (duid->len <= 2)) return ISC_R_INVALIDARG; if (leaseFile == NULL) { /* XXX? */ leaseFile = fopen(path_dhclient_db, "w"); + if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; } - if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { - log_error ("failed to set close-on-exec for %s", path_dhclient_db); - return ISC_R_IOERROR; + + fn = fileno(leaseFile); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } } } @@ -3049,7 +3107,7 @@ write_client6_lease(struct client_state { struct dhc6_ia *ia; struct dhc6_addr *addr; - int stat; + int stat, fn, flags; /* This should include the current lease. */ if (!rewrite && (leases_written++ > 20)) { @@ -3063,13 +3121,23 @@ write_client6_lease(struct client_state if (leaseFile == NULL) { /* XXX? */ leaseFile = fopen(path_dhclient_db, "w"); + if (leaseFile == NULL) { log_error("can't create %s: %m", path_dhclient_db); return ISC_R_IOERROR; } - if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { - log_error ("failed to set close-on-exec for %s", path_dhclient_db); - return ISC_R_IOERROR; + + fn = fileno(leaseFile); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } } } @@ -3152,7 +3220,7 @@ int write_client_lease (client, lease, r int makesure; { struct data_string ds; - int errors = 0; + int errors = 0, fn, flags; char *s; const char *tval; @@ -3170,13 +3238,23 @@ int write_client_lease (client, lease, r if (leaseFile == NULL) { /* XXX */ leaseFile = fopen (path_dhclient_db, "w"); + if (leaseFile == NULL) { log_error ("can't create %s: %m", path_dhclient_db); return 0; } - if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { - log_error ("failed to set close-on-exec for %s", path_dhclient_db); - return ISC_R_IOERROR; + + fn = fileno(leaseFile); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } } } @@ -3675,9 +3753,9 @@ void go_daemon () close(2); /* Reopen them on /dev/null. */ - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); - open("/dev/null", O_RDWR); + open("/dev/null", O_RDWR | O_CLOEXEC); + open("/dev/null", O_RDWR | O_CLOEXEC); + open("/dev/null", O_RDWR | O_CLOEXEC); write_client_pid_file (); @@ -3689,7 +3767,7 @@ void write_client_pid_file () FILE *pf; int pfdesc; - pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); + pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); if (pfdesc < 0) { log_error ("Can't create %s: %m", path_dhclient_pid); diff -up dhcp-4.0.0//common/bpf.c.cloexec dhcp-4.0.0//common/bpf.c --- dhcp-4.0.0//common/bpf.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//common/bpf.c 2008-07-01 17:23:40.000000000 -1000 @@ -94,7 +94,7 @@ int if_register_bpf (info) for (b = 0; 1; b++) { /* %Audit% 31 bytes max. %2004.06.17,Safe% */ sprintf(filename, BPF_FORMAT, b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff -up dhcp-4.0.0//common/discover.c.cloexec dhcp-4.0.0//common/discover.c --- dhcp-4.0.0//common/discover.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//common/discover.c 2008-07-01 17:26:03.000000000 -1000 @@ -387,6 +387,8 @@ begin_iface_scan(struct iface_conf_list char buf[256]; int len; int i; + int fn; + int flags; ifaces->fp = fopen("/proc/net/dev", "r"); if (ifaces->fp == NULL) { @@ -394,6 +396,19 @@ begin_iface_scan(struct iface_conf_list return 0; } + fn = fileno(ifaces->fp); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } + /* * The first 2 lines are header information, so read and ignore them. */ @@ -432,6 +447,19 @@ begin_iface_scan(struct iface_conf_list ifaces->fp = NULL; return 0; } + + int fn = fileno(ifaces->fp6); + int flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } #endif return 1; diff -up dhcp-4.0.0//common/dlpi.c.cloexec dhcp-4.0.0//common/dlpi.c --- dhcp-4.0.0//common/dlpi.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//common/dlpi.c 2008-07-01 17:26:31.000000000 -1000 @@ -795,7 +795,7 @@ dlpiopen(const char *ifname) { } *dp = '\0'; - return open (devname, O_RDWR, 0); + return open (devname, O_RDWR | O_CLOEXEC, 0); } /* diff -up dhcp-4.0.0//common/nit.c.cloexec dhcp-4.0.0//common/nit.c --- dhcp-4.0.0//common/nit.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//common/nit.c 2008-07-01 17:26:41.000000000 -1000 @@ -81,7 +81,7 @@ int if_register_nit (info) struct strioctl sio; /* Open a NIT device */ - sock = open ("/dev/nit", O_RDWR); + sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); if (sock < 0) log_fatal ("Can't open NIT device for %s: %m", info -> name); diff -up dhcp-4.0.0//common/resolv.c.cloexec dhcp-4.0.0//common/resolv.c --- dhcp-4.0.0//common/resolv.c.cloexec 2007-11-30 11:51:43.000000000 -1000 +++ dhcp-4.0.0//common/resolv.c 2008-07-01 17:26:54.000000000 -1000 @@ -48,7 +48,7 @@ void read_resolv_conf (parse_time) struct name_server *sp, *sl, *ns; struct domain_search_list *dp, *dl, *nd; - if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { + if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { log_error ("Can't open %s: %m", path_resolv_conf); return; } diff -up dhcp-4.0.0//common/upf.c.cloexec dhcp-4.0.0//common/upf.c --- dhcp-4.0.0//common/upf.c.cloexec 2008-07-01 15:36:54.000000000 -1000 +++ dhcp-4.0.0//common/upf.c 2008-07-01 17:27:04.000000000 -1000 @@ -77,7 +77,7 @@ int if_register_upf (info) /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ sprintf(filename, "/dev/pf/pfilt%d", b); - sock = open (filename, O_RDWR, 0); + sock = open (filename, O_RDWR | O_CLOEXEC, 0); if (sock < 0) { if (errno == EBUSY) { continue; diff -up dhcp-4.0.0//dst/dst_support.c.cloexec dhcp-4.0.0//dst/dst_support.c --- dhcp-4.0.0//dst/dst_support.c.cloexec 2007-12-05 14:50:22.000000000 -1000 +++ dhcp-4.0.0//dst/dst_support.c 2008-07-01 17:31:47.000000000 -1000 @@ -426,6 +426,8 @@ dst_s_fopen(const char *filename, const FILE *fp; char pathname[PATH_MAX]; unsigned plen = sizeof(pathname); + int fn; + int flags; if (*dst_path != '\0') { strcpy(pathname, dst_path); @@ -442,6 +444,15 @@ dst_s_fopen(const char *filename, const fp = fopen(pathname, mode); if (perm) chmod(pathname, perm); + + fn = fileno(fp); + flags = fcntl(fn, F_GETFD); + + if (flags != -1) { + flags |= FD_CLOEXEC; + flags = fcntl(fn, F_SETFD, flags); + } + return (fp); } diff -up dhcp-4.0.0//dst/prandom.c.cloexec dhcp-4.0.0//dst/prandom.c --- dhcp-4.0.0//dst/prandom.c.cloexec 2007-11-30 11:51:43.000000000 -1000 +++ dhcp-4.0.0//dst/prandom.c 2008-07-01 17:35:55.000000000 -1000 @@ -267,7 +267,7 @@ get_dev_random(u_char *output, unsigned s = stat("/dev/random", &st); if (s == 0 && S_ISCHR(st.st_mode)) { - if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { + if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { if ((n = read(fd, output, size)) < 0) n = 0; close(fd); @@ -480,6 +480,12 @@ digest_file(dst_work *work) } if ((fp = fopen(name, "r")) == NULL) return (0); + int fn = fileno(fp); + int flags = fcntl(fn, F_GETFD); + if (flags != -1) { + flags |= FD_CLOEXEC; + flags = fcntl(fn, F_SETFD, flags); + } for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; no += i) dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx, diff -up dhcp-4.0.0//minires/res_init.c.cloexec dhcp-4.0.0//minires/res_init.c --- dhcp-4.0.0//minires/res_init.c.cloexec 2007-10-01 04:47:35.000000000 -1000 +++ dhcp-4.0.0//minires/res_init.c 2008-07-01 17:44:26.000000000 -1000 @@ -235,6 +235,14 @@ minires_vinit(res_state statp, int prein line[sizeof(name) - 1] == '\t')) if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) { + int fn = fileno(fp); + int flags = fcntl(fn, F_GETFD); + + if (flags != -1) { + flags |= FD_CLOEXEC; + flags = fcntl(fn, F_SETFD, flags); + } + /* read the config file */ while (fgets(buf, sizeof(buf), fp) != NULL) { /* skip comments */ diff -up dhcp-4.0.0//minires/res_query.c.cloexec dhcp-4.0.0//minires/res_query.c --- dhcp-4.0.0//minires/res_query.c.cloexec 2007-09-05 07:32:10.000000000 -1000 +++ dhcp-4.0.0//minires/res_query.c 2008-07-01 17:46:04.000000000 -1000 @@ -387,12 +387,19 @@ res_hostalias(const res_state statp, con unsigned char *cp1, *cp2; char buf[BUFSIZ]; FILE *fp; + int fn, flags; if (statp->options & RES_NOALIASES) return (NULL); file = getenv("HOSTALIASES"); if (file == NULL || (fp = fopen(file, "r")) == NULL) return (NULL); + fn = fileno(fp); + flags = fcntl(fn, F_GETFD); + if (flags != -1) { + flags |= FD_CLOEXEC; + flags = fcntl(fn, F_SETFD, flags); + } setbuf(fp, NULL); buf[sizeof(buf) - 1] = '\0'; while (fgets(buf, sizeof(buf), fp)) { diff -up dhcp-4.0.0//omapip/trace.c.cloexec dhcp-4.0.0//omapip/trace.c --- dhcp-4.0.0//omapip/trace.c.cloexec 2007-07-12 20:43:42.000000000 -1000 +++ dhcp-4.0.0//omapip/trace.c 2008-07-01 17:29:46.000000000 -1000 @@ -140,10 +140,10 @@ isc_result_t trace_begin (const char *fi return ISC_R_INVALIDARG; } - traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); + traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); if (traceoutfile < 0 && errno == EEXIST) { log_error ("WARNING: Overwriting trace file \"%s\"", filename); - traceoutfile = open (filename, O_WRONLY | O_EXCL, 0600); + traceoutfile = open (filename, O_WRONLY | O_EXCL | O_CLOEXEC, 0600); } if (traceoutfile < 0) { @@ -428,12 +428,28 @@ void trace_file_replay (const char *file trace_type_t *ttype = (trace_type_t *)0; isc_result_t result; int len; + int fn; + int flags; traceinfile = fopen (filename, "r"); if (!traceinfile) { log_error ("Can't open tracefile %s: %m", filename); return; } + + fn = fileno(traceinfile); + flags = fcntl(fn, F_GETFD); + + if (flags == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } else { + flags |= FD_CLOEXEC; + + if (fcntl(fn, F_SETFD, flags) == -1) { + log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); + } + } + #if defined (HAVE_SETFD) if (fcntl (fileno (traceinfile), F_SETFD, 1) < 0) log_error ("Can't set close-on-exec on %s: %m", filename);