mirrors/qemu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

crypto: Use O_CLOEXEC in qcrypto_random_init

Browse Source 
Avoids leaking the /dev/urandom fd into any child processes.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This commit is contained in:
Richard Henderson 2019-03-13 21:05:54 -07:00
parent 25fb26e4f4
commit e9979ca64e
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
crypto/random-platform.c
View File

@ -42,9 +42,9 @@ int qcrypto_random_init(Error **errp)
#else
/* TBD perhaps also add support for BSD getentropy / Linux
* getrandom syscalls directly */
fd = open("/dev/urandom", O_RDONLY);
fd = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (fd == -1 && errno == ENOENT) {
fd = open("/dev/random", O_RDONLY);
fd = open("/dev/random", O_RDONLY | O_CLOEXEC);
}
if (fd < 0) {