crypto: Use O_CLOEXEC in qcrypto_random_init
Avoids leaking the /dev/urandom fd into any child processes. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
parent
25fb26e4f4
commit
e9979ca64e
@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
|
|||||||
#else
|
#else
|
||||||
/* TBD perhaps also add support for BSD getentropy / Linux
|
/* TBD perhaps also add support for BSD getentropy / Linux
|
||||||
* getrandom syscalls directly */
|
* getrandom syscalls directly */
|
||||||
fd = open("/dev/urandom", O_RDONLY);
|
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1 && errno == ENOENT) {
|
if (fd == -1 && errno == ENOENT) {
|
||||||
fd = open("/dev/random", O_RDONLY);
|
fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
|
Loading…
Reference in New Issue
Block a user