lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:	Fri, 20 May 2011 13:22:09 -0500
From:	Nathan Lynch <ntl@...ox.com>
To:	Steven Rostedt <rostedt@...dmis.org>
Cc:	LKML <linux-kernel@...r.kernel.org>
Subject: [trace-cmd patch] close open fds on exec

trace-cmd's record mode allows child processes to inherit
tracing-related file descriptors:

$ trace-cmd record -esched: ls -l /proc/self/fd

total 0
lrwx------. 1 root root 64 May 20 12:44 0 -> /dev/pts/11
lrwx------. 1 root root 64 May 20 12:44 1 -> /dev/pts/11
lrwx------. 1 root root 64 May 20 12:44 2 -> /dev/pts/11
lrwx------. 1 root root 64 May 20 12:44 3 -> /sys/kernel/debug/tracing/tracing_on
l-wx------. 1 root root 64 May 20 12:44 4 -> /sys/kernel/debug/tracing/set_ftrace_pid
l-wx------. 1 root root 64 May 20 12:44 5 -> /sys/kernel/debug/tracing/tracing_enabled
lr-x------. 1 root root 64 May 20 12:44 6 -> /proc/31036/fd

This can be problematic for applications (such as lxc) that
interrogate their open file descriptors.

Open these with O_CLOEXEC so they are not inherited.

Signed-off-by: Nathan Lynch <ntl@...ox.com>
---
 trace-record.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/trace-record.c b/trace-record.c
index fa23b82..c4a51d7 100644
--- a/trace-record.c
+++ b/trace-record.c
@@ -343,7 +343,7 @@ static void update_ftrace_pid(const char *pid, int reset)
 			path = tracecmd_get_tracing_file("set_ftrace_pid");
 		if (!path)
 			return;
-		fd = open(path, O_WRONLY | (reset ? O_TRUNC : 0));
+		fd = open(path, O_WRONLY | O_CLOEXEC | (reset ? O_TRUNC : 0));
 		if (fd < 0)
 			return;
 	}
@@ -795,7 +795,7 @@ static void check_tracing_enabled(void)
 
 	if (fd < 0) {
 		path = tracecmd_get_tracing_file("tracing_enabled");
-		fd = open(path, O_WRONLY);
+		fd = open(path, O_WRONLY | O_CLOEXEC);
 		tracecmd_put_tracing_file(path);
 
 		if (fd < 0)
@@ -815,7 +815,7 @@ static int open_tracing_on(void)
 		return fd;
 
 	path = tracecmd_get_tracing_file("tracing_on");
-	fd = open(path, O_RDWR);
+	fd = open(path, O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		die("opening '%s'", path);
 	tracecmd_put_tracing_file(path);
-- 
1.7.5.1



--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ