diff options
author | 2021-05-16 15:48:14 +0200 | |
---|---|---|
committer | 2021-05-16 15:48:14 +0200 | |
commit | 825ac9cdc38c4285584e69d6f29102b149914dfe (patch) | |
tree | fd65f17f166a535f9a619c044022a3b933cc5f0c /src/firejail/fs_home.c | |
parent | Update disable-common.inc (diff) | |
download | firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.gz firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.zst firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.zip |
open files O_CLOEXEC|O_EXCL
Dumb patch that adds O_CLOEXEC to all open/fopen
calls, even where it is obviously pointless.
While at it, also add O_EXCL where it might be
considered useful, for example to clear Coverity
warnings, or on files that subsequently are used
to configure a join sandbox.
Pure defense in depth, this patch should have no
observable effects.
Diffstat (limited to 'src/firejail/fs_home.c')
-rw-r--r-- | src/firejail/fs_home.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c index 46f32d7ad..c7b87235a 100644 --- a/src/firejail/fs_home.c +++ b/src/firejail/fs_home.c | |||
@@ -130,7 +130,7 @@ static int store_xauthority(void) { | |||
130 | } | 130 | } |
131 | 131 | ||
132 | // create an empty file as root, and change ownership to user | 132 | // create an empty file as root, and change ownership to user |
133 | FILE *fp = fopen(dest, "w"); | 133 | FILE *fp = fopen(dest, "we"); |
134 | if (fp) { | 134 | if (fp) { |
135 | fprintf(fp, "\n"); | 135 | fprintf(fp, "\n"); |
136 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0600); | 136 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0600); |
@@ -178,7 +178,7 @@ static int store_asoundrc(void) { | |||
178 | } | 178 | } |
179 | 179 | ||
180 | // create an empty file as root, and change ownership to user | 180 | // create an empty file as root, and change ownership to user |
181 | FILE *fp = fopen(dest, "w"); | 181 | FILE *fp = fopen(dest, "we"); |
182 | if (fp) { | 182 | if (fp) { |
183 | fprintf(fp, "\n"); | 183 | fprintf(fp, "\n"); |
184 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0644); | 184 | SET_PERMS_STREAM(fp, getuid(), getgid(), 0644); |