On 3/14/19 10:34 AM, Daniel P. Berrangé wrote: > On Wed, Mar 13, 2019 at 09:55:16PM -0700, Richard Henderson wrote: >> Avoids leaking the /dev/urandom fd into any child processes. >> >> Cc: Daniel P. Berrangé <berra...@redhat.com> >> Signed-off-by: Richard Henderson <richard.hender...@linaro.org> >> --- >> crypto/random-platform.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/crypto/random-platform.c b/crypto/random-platform.c >> index 0866f216dc..8bfce99a65 100644 >> --- a/crypto/random-platform.c >> +++ b/crypto/random-platform.c >> @@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp) >> #else >> /* TBD perhaps also add support for BSD getentropy / Linux >> * getrandom syscalls directly */ >> - fd = open("/dev/urandom", O_RDONLY); >> + fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC); >> if (fd == -1 && errno == ENOENT) { >> - fd = open("/dev/random", O_RDONLY); >> + fd = open("/dev/random", O_RDONLY | O_CLOEXEC); >> } >> >> if (fd < 0) { > > Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Are we at the point where we can declare open(O_CLOEXEC) mandatory-supported on all systems we compile on, or do we need to use qemu_open() to get the semantics we need (with proper fallback to non-atomic fcntl() on older platforms)? -- Eric Blake, Principal Software Engineer Red Hat, Inc. +1-919-301-3226 Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature