From 97b03d016f47a3072b329eb02da48b03dc15bdfd Mon Sep 17 00:00:00 2001 From: Con Kolivas Date: Sun, 24 Aug 2014 19:21:16 +1000 Subject: [PATCH] Make all file opens close on exec to prevent leaving files open on existing and possible future execves --- src/ckdb.c | 18 +++++++++--------- src/ckpool.c | 8 ++++---- src/ktree.c | 2 +- src/libckpool.c | 6 +++--- src/stratifier.c | 6 +++--- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/ckdb.c b/src/ckdb.c index a6a43eff..91ef2658 100644 --- a/src/ckdb.c +++ b/src/ckdb.c @@ -1337,7 +1337,7 @@ static bool rotating_log_nolock(char *msg) bool ok = false; filename = rotating_filename(logname, time(NULL)); - fp = fopen(filename, "a+"); + fp = fopen(filename, "a+e"); if (unlikely(!fp)) { LOGERR("Failed to fopen %s in rotating_log!", filename); goto stageleft; @@ -6100,7 +6100,7 @@ static bool reload() start.tv_sec = DATE_BEGIN; start.tv_usec = 0L; filename = rotating_filename(restorefrom, start.tv_sec); - fp = fopen(filename, "r"); + fp = fopen(filename, "re"); if (fp) fclose(fp); else { @@ -6139,7 +6139,7 @@ static bool write_pid(ckpool_t *ckp, const char *path, pid_t pid) int oldpid; LOGWARNING("File %s exists", path); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) { LOGEMERG("Failed to open file %s", path); return false; @@ -6159,7 +6159,7 @@ static bool write_pid(ckpool_t *ckp, const char *path, pid_t pid) LOGWARNING("Killing off old process %s pid %d", path, oldpid); } } - fp = fopen(path, "w"); + fp = fopen(path, "we"); if (!fp) { LOGERR("Failed to open file %s", path); return false; @@ -8789,7 +8789,7 @@ static bool reload_from(tv_t *start) LOGWARNING("%s(): from %s", __func__, buf); filename = rotating_filename(restorefrom, start->tv_sec); - fp = fopen(filename, "r"); + fp = fopen(filename, "re"); if (!fp) quithere(1, "Failed to open '%s'", filename); @@ -8827,7 +8827,7 @@ static bool reload_from(tv_t *start) break; start->tv_sec += ROLL_S; filename = rotating_filename(restorefrom, start->tv_sec); - fp = fopen(filename, "r"); + fp = fopen(filename, "re"); if (!fp) { missingfirst = strdup(filename); free(filename); @@ -8848,7 +8848,7 @@ static bool reload_from(tv_t *start) break; } filename = rotating_filename(restorefrom, start->tv_sec); - fp = fopen(filename, "r"); + fp = fopen(filename, "re"); if (fp) break; errno = 0; @@ -9173,7 +9173,7 @@ static void confirm_reload() start.tv_sec = DATE_BEGIN; start.tv_usec = 0L; filename = rotating_filename(restorefrom, start.tv_sec); - fp = fopen(filename, "r"); + fp = fopen(filename, "re"); if (fp) fclose(fp); else { @@ -9370,7 +9370,7 @@ int main(int argc, char **argv) /* Create the logfile */ sprintf(buf, "%s%s%s.log", ckp.logdir, ckp.name, dbcode); - ckp.logfp = fopen(buf, "a"); + ckp.logfp = fopen(buf, "ae"); if (!ckp.logfp) quit(1, "Failed to open log file %s", buf); ckp.logfd = fileno(ckp.logfp); diff --git a/src/ckpool.c b/src/ckpool.c index e3d05e91..c4dc5c04 100644 --- a/src/ckpool.c +++ b/src/ckpool.c @@ -388,7 +388,7 @@ static int get_proc_pid(proc_instance_t *pi) FILE *fp; sprintf(path, "%s%s.pid", pi->ckp->socket_dir, pi->processname); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) goto out; ret = fscanf(fp, "%d", &pid); @@ -615,7 +615,7 @@ static bool write_pid(ckpool_t *ckp, const char *path, pid_t pid) int oldpid; LOGNOTICE("File %s exists", path); - fp = fopen(path, "r"); + fp = fopen(path, "re"); if (!fp) { LOGEMERG("Failed to open file %s", path); return false; @@ -635,7 +635,7 @@ static bool write_pid(ckpool_t *ckp, const char *path, pid_t pid) LOGWARNING("Killing off old process %s pid %d", path, oldpid); } } - fp = fopen(path, "w"); + fp = fopen(path, "we"); if (!fp) { LOGERR("Failed to open file %s", path); return false; @@ -1223,7 +1223,7 @@ int main(int argc, char **argv) /* Create the logfile */ sprintf(buf, "%s%s.log", ckp.logdir, ckp.name); - ckp.logfp = fopen(buf, "a"); + ckp.logfp = fopen(buf, "ae"); if (!ckp.logfp) quit(1, "Failed to make open log file %s", buf); /* Make logging line buffered */ diff --git a/src/ktree.c b/src/ktree.c index 00c96456..c6e8d3d1 100644 --- a/src/ktree.c +++ b/src/ktree.c @@ -144,7 +144,7 @@ void _dsp_ktree(K_LIST *list, K_TREE *root, char *filename, char *msg, KTREE_FFL tm.tm_min, tm.tm_sec); - stream = fopen(filename, "a"); + stream = fopen(filename, "ae"); if (!stream) { fprintf(stderr, "%s %s() failed to open '%s' (%d) %s", diff --git a/src/libckpool.c b/src/libckpool.c index bc51fa40..ea45487d 100644 --- a/src/libckpool.c +++ b/src/libckpool.c @@ -999,15 +999,15 @@ bool rotating_log(const char *path, const char *msg) bool ok = false; filename = rotating_filename(path, time(NULL)); - fd = open(filename, O_CREAT|O_RDWR, mode); + fd = open(filename, O_CREAT | O_RDWR | O_CLOEXEC , mode); if (unlikely(fd == -1)) { LOGERR("Failed to open %s in rotating_log!", filename); goto stageleft; } - fp = fdopen(fd, "a"); + fp = fdopen(fd, "ae"); if (unlikely(!fp)) { close(fd); - LOGERR("Failed to fopen %s in rotating_log!", filename); + LOGERR("Failed to fdopen %s in rotating_log!", filename); goto stageleft; } if (unlikely(flock(fd, LOCK_EX))) { diff --git a/src/stratifier.c b/src/stratifier.c index 474410db..e122f5e6 100644 --- a/src/stratifier.c +++ b/src/stratifier.c @@ -1873,7 +1873,7 @@ out_unlock: json_set_string(val, "username", user_instance->username); if (ckp->logshares) { - fp = fopen(fname, "a"); + fp = fopen(fname, "ae"); if (likely(fp)) { s = json_dumps(val, 0); len = strlen(s); @@ -2400,7 +2400,7 @@ static void *statsupdate(void *arg) suffix_string(ghs1440, suffix1440, 16, 0); snprintf(fname, 511, "%s/pool.status", ckp->logdir); - fp = fopen(fname, "w"); + fp = fopen(fname, "we"); if (unlikely(!fp)) LOGERR("Failed to fopen %s", fname); @@ -2474,7 +2474,7 @@ static void *statsupdate(void *arg) "hashrate1d", suffix1440); snprintf(fname, 511, "%s/%s", ckp->logdir, client->workername); - fp = fopen(fname, "w"); + fp = fopen(fname, "we"); if (unlikely(!fp)) { LOGERR("Failed to fopen %s", fname); continue;