crypto: Use O_CLOEXEC in qcrypto_random_init

Avoids leaking the /dev/urandom fd into any child processes. Reviewed-by: N Laurent Vivier <lvivier@redhat.com> Reviewed-by: N Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: N Richard Henderson <richard.henderson@linaro.org>

crypto: Use O_CLOEXEC in qcrypto_random_init
Avoids leaking the /dev/urandom fd into any child processes. Reviewed-by: N Laurent Vivier <lvivier@redhat.com> Reviewed-by: N Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: N Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: N Richard Henderson <richard.henderson@linaro.org>
e9979ca6 · Richard Henderson · 25fb26e4 · e9979ca6
显示空白变更内容
内联并排

Showing with 2 addition and 2 deletion

crypto/random-platform.c crypto/random-platform.c +2 -2

未找到文件。
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
 #else
    /* TBD perhaps also add support for BSD getentropy / Linux
     * getrandom syscalls directly */
-    fd = open("/dev/urandom", O_RDONLY);
+    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
    if (fd == -1 && errno == ENOENT) {
-        fd = open("/dev/random", O_RDONLY);
+        fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
    }

    if (fd < 0) {