[Qemu-devel] [PATCH v7 04/24] crypto: Use O_CLOEXEC in qcrypto_random_init

Richard Henderson Tue, 14 May 2019 12:24:34 -0700

Avoids leaking the /dev/urandom fd into any child processes.

Reviewed-by: Laurent Vivier <lviv...@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <phi...@redhat.com>
Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>
Signed-off-by: Richard Henderson <richard.hender...@linaro.org>
---
 crypto/random-platform.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


diff --git a/crypto/random-platform.c b/crypto/random-platform.c
index 260b64564d..6df40744c7 100644
--- a/crypto/random-platform.c
+++ b/crypto/random-platform.c
@@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
 #else
     /* TBD perhaps also add support for BSD getentropy / Linux
      * getrandom syscalls directly */
-    fd = open("/dev/urandom", O_RDONLY);
+    fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
     if (fd == -1 && errno == ENOENT) {
-        fd = open("/dev/random", O_RDONLY);
+        fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
     }
 
     if (fd < 0) {
-- 
2.17.1

[Qemu-devel] [PATCH v7 04/24] crypto: Use O_CLOEXEC in qcrypto_random_init

Reply via email to