From 6c335e1c315a68283b1303afb06a3d5a34adab83 Mon Sep 17 00:00:00 2001
From: Thomas Klausner <wiz@NetBSD.org>
Date: Wed, 25 Feb 2015 22:22:50 +0100
Subject: Close file descriptors on exec.

Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Signed-off-by: Thomas Klausner <wiz@NetBSD.org>
---
 auth.c     | 4 ++++
 choose.c   | 2 ++
 lock.c     | 1 +
 remote.c   | 3 ++-
 restart.c  | 1 +
 saveutil.c | 3 +++
 6 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/auth.c b/auth.c
index 5b3bcac..acc4d1e 100644
--- a/auth.c
+++ b/auth.c
@@ -156,24 +156,28 @@ SetAuthentication(int count, IceListenObj *listenObjs,
 
     if (!(addfp = fopen (addAuthFile, "w")))
 	goto bad;
+    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);
 
     if ((remAuthFile = unique_filename (path, ".xsm")) == NULL)
 	goto bad;
 
     if (!(removefp = fopen (remAuthFile, "w")))
 	goto bad;
+    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
 #else
     if ((addAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
 	goto bad;
     
     if (!(addfp = fdopen(fd, "wb"))) 
 	goto bad;
+    fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);
 
     if ((remAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
 	goto bad;
     
     if (!(removefp = fdopen(fd, "wb"))) 
 	goto bad;
+    fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
 #endif
 
     if ((*authDataEntries = (IceAuthDataEntry *) XtMalloc (
diff --git a/choose.c b/choose.c
index 6459b61..72f6bb1 100644
--- a/choose.c
+++ b/choose.c
@@ -98,6 +98,8 @@ GetSessionNames(int *count_ret, String **short_names_ret,
     if ((dir = opendir (path)) == NULL)
 	return 0;
 
+    fcntl(dirfd(dir), F_SETFD, FD_CLOEXEC);
+
     count = 0;
 
     while ((entry = readdir (dir)) != NULL)
diff --git a/lock.c b/lock.c
index 84c0ee3..3af78c7 100644
--- a/lock.c
+++ b/lock.c
@@ -121,6 +121,7 @@ GetLockId(const char *session_name)
     {
 	return (NULL);
     }
+    fcntl(fileno(fp), F_SETFD, FD_CLOEXEC);
 
     buf[0] = '\0';
     fscanf (fp, "%255s\n", buf);
diff --git a/remote.c b/remote.c
index 54d95ac..3fb21ec 100644
--- a/remote.c
+++ b/remote.c
@@ -111,7 +111,8 @@ remote_start(const char *restart_protocol, const char *restart_machine,
 	default:		/* parent */
 
 	    close (pipefd[0]);
-	    fp = (FILE *) fdopen (pipefd[1], "w");
+	    fcntl(pipefd[1], F_SETFD, FD_CLOEXEC);
+	    fp = fdopen (pipefd[1], "w");
 
 	    fprintf (fp, "CONTEXT X\n");
 	    fprintf (fp, "DIR %s\n", cwd);
diff --git a/restart.c b/restart.c
index 57663a5..965110e 100644
--- a/restart.c
+++ b/restart.c
@@ -543,6 +543,7 @@ StartDefaultApps (void)
 	    exit (1);
 	}
     }
+    fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
 
     buf = NULL;
     buflen = 0;
diff --git a/saveutil.c b/saveutil.c
index 091763a..486e4cc 100644
--- a/saveutil.c
+++ b/saveutil.c
@@ -72,6 +72,7 @@ ReadSave(const char *session_name, char **sm_id)
 	*sm_id = NULL;
 	return 0;
     }
+    fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
     if (verbose)
 	printf("Reading session save file...\n");
 
@@ -319,6 +320,7 @@ WriteSave(const char *sm_id)
     }
     else
     {
+	fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
 	fprintf (f, "%d\n", SAVEFILE_VERSION);
 	fprintf (f, "%s\n", sm_id);
 
@@ -431,6 +433,7 @@ DeleteSession(const char *session_name)
     if(!f) {
 	return (0);
     }
+    fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
 
     buf = NULL;
     buflen = 0;
-- 
cgit v1.2.3