open files O_CLOEXEC|O_EXCL

Dumb patch that adds O_CLOEXEC to all open/fopen calls, even where it is obviously pointless. While at it, also add O_EXCL where it might be considered useful, for example to clear Coverity warnings, or on files that subsequently are used to configure a join sandbox. Pure defense in depth, this patch should have no observable effects.
author: smitsohu <smitsohu@gmail.com> 2021-05-16 15:48:14 +0200
committer: smitsohu <smitsohu@gmail.com> 2021-05-16 15:48:14 +0200
commit: 825ac9cdc38c4285584e69d6f29102b149914dfe (patch)
tree: fd65f17f166a535f9a619c044022a3b933cc5f0c /src/firejail/fs_home.c
parent: Update disable-common.inc (diff)
download: firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.gz
firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.zst
firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index 46f32d7ad..c7b87235a 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -130,7 +130,7 @@ static int store_xauthority(void) {
                }
                // create an empty file as root, and change ownership to user
-                FILE *fp = fopen(dest, "w");
+                FILE *fp = fopen(dest, "we");
                if (fp) {
                        fprintf(fp, "\n");
                        SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
@@ -178,7 +178,7 @@ static int store_asoundrc(void) {
                }
                // create an empty file as root, and change ownership to user
-                FILE *fp = fopen(dest, "w");
+                FILE *fp = fopen(dest, "we");
                if (fp) {
                        fprintf(fp, "\n");
                        SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);
author	smitsohu <smitsohu@gmail.com>	2021-05-16 15:48:14 +0200
committer	smitsohu <smitsohu@gmail.com>	2021-05-16 15:48:14 +0200
commit	825ac9cdc38c4285584e69d6f29102b149914dfe (patch)
tree	fd65f17f166a535f9a619c044022a3b933cc5f0c /src/firejail/fs_home.c
parent	Update disable-common.inc (diff)
download	firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.gz firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.zst firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.zip

diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 46f32d7ad..c7b87235a 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c
@@ -130,7 +130,7 @@ static int store_xauthority(void) {
130	}	130	}
131		131
132	// create an empty file as root, and change ownership to user	132	// create an empty file as root, and change ownership to user
133	FILE *fp = fopen(dest, "w");	133	FILE *fp = fopen(dest, "we");
134	if (fp) {	134	if (fp) {
135	fprintf(fp, "\n");	135	fprintf(fp, "\n");
136	SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);	136	SET_PERMS_STREAM(fp, getuid(), getgid(), 0600);
@@ -178,7 +178,7 @@ static int store_asoundrc(void) {
178	}	178	}
179		179
180	// create an empty file as root, and change ownership to user	180	// create an empty file as root, and change ownership to user
181	FILE *fp = fopen(dest, "w");	181	FILE *fp = fopen(dest, "we");
182	if (fp) {	182	if (fp) {
183	fprintf(fp, "\n");	183	fprintf(fp, "\n");
184	SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);	184	SET_PERMS_STREAM(fp, getuid(), getgid(), 0644);