vipw: do not let editor to inherit open file descriptors

Signed-off-by: Sami Kerola <kerolasa@iki.fi>
author: Sami Kerola 2017-12-03 13:51:14 +0100
committer: Karel Zak 2017-12-04 13:04:11 +0100
commit: a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2 (patch)
tree: 2392e0284879b1b87919ebbd78cfae6ab900ce8f /login-utils
parent: login: add LOGIN_PLAIN_PROMPT to login.defs (diff)
download: kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.tar.gz
kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.tar.xz
kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/login-utils/vipw.c b/login-utils/vipw.c
index b7650de8b..9b7696942 100644
--- a/login-utils/vipw.c
+++ b/login-utils/vipw.c
@@ -257,7 +257,7 @@ static void edit_file(int is_shadow)
 	if (lckpwdf() < 0)
 		err(EXIT_FAILURE, _("cannot get lock"));
 
-	passwd_file = open(orig_file, O_RDONLY, 0);
+	passwd_file = open(orig_file, O_RDONLY | O_CLOEXEC, 0);
 	if (passwd_file < 0)
 		err(EXIT_FAILURE, _("cannot open %s"), orig_file);
 	tmp_fd = pw_tmpfile(passwd_file);
@@ -275,7 +275,7 @@ static void edit_file(int is_shadow)
 	if (end.st_nlink == 0) {
 		if (close_stream(tmp_fd) != 0)
 			err(EXIT_FAILURE, _("write error"));
-		tmp_fd = fopen(tmp_file, "r");
+		tmp_fd = fopen(tmp_file, "r" UL_CLOEXECSTR);
 		if (!tmp_fd)
 			err(EXIT_FAILURE, _("cannot open %s"), tmp_file);
 		if (fstat(fileno(tmp_fd), &end))
author	Sami Kerola	2017-12-03 13:51:14 +0100
committer	Karel Zak	2017-12-04 13:04:11 +0100
commit	a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2 (patch)
tree	2392e0284879b1b87919ebbd78cfae6ab900ce8f /login-utils
parent	login: add LOGIN_PLAIN_PROMPT to login.defs (diff)
download	kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.tar.gz kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.tar.xz kernel-qcow2-util-linux-a16f45d4f6c17f9f7baf65b32a8e2b2ebe6c1bc2.zip