mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-12-28 12:51:44 +01:00
36 lines
1.0 KiB
Diff
36 lines
1.0 KiB
Diff
From 243fc987f15b4e280acb089b6f476de204cb7def Mon Sep 17 00:00:00 2001
|
|
From: Natanael Copa <ncopa@alpinelinux.org>
|
|
Date: Tue, 10 Jan 2017 20:06:08 +0100
|
|
Subject: [PATCH] Close /dev/{random,urandom} on exec
|
|
|
|
This prevents the descriptors to leak to programs that are executed.
|
|
|
|
Fixes https://gitlab.com/cryptsetup/cryptsetup/issues/313
|
|
---
|
|
lib/random.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/lib/random.c b/lib/random.c
|
|
index cb772f4..12040dc 100644
|
|
--- a/lib/random.c
|
|
+++ b/lib/random.c
|
|
@@ -152,13 +152,13 @@ int crypt_random_init(struct crypt_device *ctx)
|
|
|
|
/* Used for CRYPT_RND_NORMAL */
|
|
if(urandom_fd == -1)
|
|
- urandom_fd = open(URANDOM_DEVICE, O_RDONLY);
|
|
+ urandom_fd = open(URANDOM_DEVICE, O_RDONLY | O_CLOEXEC);
|
|
if(urandom_fd == -1)
|
|
goto fail;
|
|
|
|
/* Used for CRYPT_RND_KEY */
|
|
if(random_fd == -1)
|
|
- random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK);
|
|
+ random_fd = open(RANDOM_DEVICE, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
|
|
if(random_fd == -1)
|
|
goto fail;
|
|
|
|
--
|
|
2.11.0
|
|
|