From 5f7318e3045845752bf732014edc6d4c0cb4a71d Mon Sep 17 00:00:00 2001
From: Philip Guenther <guenther@cvs.openbsd.org>
Date: Wed, 9 Jul 2014 12:54:04 +0000
Subject: Use O_CLOEXEC to make sure fork+exec in a threaded process can't see
 the fds used by dlopen()

ok otto@ miod@
---
 libexec/ld.so/library.c        | 4 ++--
 libexec/ld.so/library_mquery.c | 4 ++--
 libexec/ld.so/sod.c            | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libexec/ld.so/library.c b/libexec/ld.so/library.c
index 74b5eb2bfd4..b5617157cf3 100644
--- a/libexec/ld.so/library.c
+++ b/libexec/ld.so/library.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: library.c,v 1.68 2014/06/21 08:00:22 otto Exp $ */
+/*	$OpenBSD: library.c,v 1.69 2014/07/09 12:54:03 guenther Exp $ */
 
 /*
  * Copyright (c) 2002 Dale Rahn
@@ -93,7 +93,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags)
 #define ROUND_PG(x) (((x) + align) & ~(align))
 #define TRUNC_PG(x) ((x) & ~(align))
 
-	libfile = _dl_open(libname, O_RDONLY);
+	libfile = _dl_open(libname, O_RDONLY | O_CLOEXEC);
 	if (libfile < 0) {
 		_dl_errno = DL_CANT_OPEN;
 		return(0);
diff --git a/libexec/ld.so/library_mquery.c b/libexec/ld.so/library_mquery.c
index cfafa75ed35..62310707977 100644
--- a/libexec/ld.so/library_mquery.c
+++ b/libexec/ld.so/library_mquery.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: library_mquery.c,v 1.45 2014/06/21 08:00:23 otto Exp $ */
+/*	$OpenBSD: library_mquery.c,v 1.46 2014/07/09 12:54:03 guenther Exp $ */
 
 /*
  * Copyright (c) 2002 Dale Rahn
@@ -99,7 +99,7 @@ _dl_tryload_shlib(const char *libname, int type, int flags)
 #define ROUND_PG(x) (((x) + align) & ~(align))
 #define TRUNC_PG(x) ((x) & ~(align))
 
-	libfile = _dl_open(libname, O_RDONLY);
+	libfile = _dl_open(libname, O_RDONLY | O_CLOEXEC);
 	if (libfile < 0) {
 		_dl_errno = DL_CANT_OPEN;
 		return(0);
diff --git a/libexec/ld.so/sod.c b/libexec/ld.so/sod.c
index 3cd7f983498..a0464f04664 100644
--- a/libexec/ld.so/sod.c
+++ b/libexec/ld.so/sod.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: sod.c,v 1.29 2014/07/06 17:33:10 otto Exp $	*/
+/*	$OpenBSD: sod.c,v 1.30 2014/07/09 12:54:03 guenther Exp $	*/
 
 /*
  * Copyright (c) 1993 Paul Kranenburg
@@ -162,7 +162,7 @@ _dl_maphints(void)
 	long		hsize = 0;
 	int		hfd;
 
-	if ((hfd = _dl_open(_PATH_LD_HINTS, O_RDONLY)) < 0)
+	if ((hfd = _dl_open(_PATH_LD_HINTS, O_RDONLY | O_CLOEXEC)) < 0)
 		goto bad_hints;
 
 	if (_dl_fstat(hfd, &sb) != 0 || !S_ISREG(sb.st_mode) ||
-- 
cgit v1.2.3