On Thu, Mar 14, 2019 at 10:43:11AM -0500, Eric Blake wrote:
> On 3/14/19 10:34 AM, Daniel P. Berrangé wrote:
> > On Wed, Mar 13, 2019 at 09:55:16PM -0700, Richard Henderson wrote:
> >> Avoids leaking the /dev/urandom fd into any child processes.
> >>
> >> Cc: Daniel P. Berrangé <berra...@redhat.com>
> >> Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
> >> ---
> >>  crypto/random-platform.c | 4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/crypto/random-platform.c b/crypto/random-platform.c
> >> index 0866f216dc..8bfce99a65 100644
> >> --- a/crypto/random-platform.c
> >> +++ b/crypto/random-platform.c
> >> @@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
> >>  #else
> >>      /* TBD perhaps also add support for BSD getentropy / Linux
> >>       * getrandom syscalls directly */
> >> -    fd = open("/dev/urandom", O_RDONLY);
> >> +    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
> >>      if (fd == -1 && errno == ENOENT) {
> >> -        fd = open("/dev/random", O_RDONLY);
> >> +        fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
> >>      }
> >>  
> >>      if (fd < 0) {
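Review bot: Both open() calls in the #else branch now pass O_CLOEXEC unconditionally, with no #ifdef guard and no fcntl(F_SETFD, FD_CLOEXEC) fallback, so the branch will not compile on any host whose headers lack the flag. The commit message gives the motivation but does not say which hosts the non-Windows branch is expected to build on. Either state that in the commit message or route both opens through a helper that falls back when the flag is missing. The TBD comment just above is also relevant: a getrandom/getentropy path would need no descriptor at all, which removes the inheritance concern instead of masking it.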
> > 
> > Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
> 
> Are we at the point where we can declare open(O_CLOEXEC)
> mandatory-supported on all systems we compile on, or do we need to use
> qemu_open() to get the semantics we need (with proper fallback to
> non-atomic fcntl() on older platforms)?

It has been available on Linux for all our targeted distros. I can see
it in man pages for FreeBSD, NetBSD & OpenBSD too, and for macOS 10.6
(~2009).

I think Windows is the main one which lacks it, but this #ifdef of the
code isn't built on Windows.

IOW, I think we're safe.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
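
Added example, not part of the original thread and not QEMU's code: the atomic open(O_CLOEXEC) from the patch beside the non-atomic fcntl() fallback raised in the review question, plus a check that the descriptor really carries FD_CLOEXEC. The helper names open_rdonly_cloexec, open_entropy_source and fd_is_cloexec are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper, not QEMU's qemu_open(): read-only open, close-on-exec. */
static int open_rdonly_cloexec(const char *path)
{
#ifdef O_CLOEXEC
    /* Atomic: the fd is never visible without the flag. */
    return open(path, O_RDONLY | O_CLOEXEC);
#else
    /* Non-atomic: a fork+exec in another thread between the calls inherits fd. */
    int fd = open(path, O_RDONLY);
    if (fd >= 0) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
            close(fd);
            return -1;
        }
    }
    return fd;
#endif
}

/* Same device order as the hunk: /dev/urandom, then /dev/random on ENOENT. */
static int open_entropy_source(void)
{
    int fd = open_rdonly_cloexec("/dev/urandom");
    if (fd == -1 && errno == ENOENT) {
        fd = open_rdonly_cloexec("/dev/random");
    }
    return fd;
}

/* 1 if fd is marked close-on-exec, 0 if not, -1 on error (e.g. bad fd). */
static int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
    int fd = open_entropy_source();
    if (fd < 0) { perror("open"); return 1; }
    printf("fd %d close-on-exec: %d\n", fd, fd_is_cloexec(fd));
    close(fd);
    return 0;
}
```

The same fd_is_cloexec() check can be run over every open descriptor just before a fork/exec to catch descriptors that were opened without the flag.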
