Set FD_CLOEXEC on file descriptors obtained from open() and fopen()

Includes an update of mini_chromium to 3a2d52d74c9a: 3a2d52d74c9a Use O_CLOEXEC (and O_NOCTTY) when calling open() BUG=chromium:688362 Change-Id: I2bdf86efe4e6559ecb77492ac5bdc728aa035889 Reviewed-on: https://chromium-review.googlesource.com/447999 Reviewed-by: Scott Graham <scottmg@chromium.org>
2017-02-28 16:15:25 -05:00 · 2017-02-28 16:15:25 -05:00 · 58aac1bd87
--- a/2
+++ b/2
@ -38,7 +38,7 @@ deps = {

  'crashpad/third_party/mini_chromium/mini_chromium':
      Var('chromium_git') + '/chromium/mini_chromium@' +
-      'f65519e442d23498937251e680a3b113927613b0',
+      '3a2d52d74c9af5277bf6456cc00ae728f89c4898',
  'crashpad/third_party/zlib/zlib':
      Var('chromium_git') + '/chromium/src/third_party/zlib@' +
      '13dc246a58e4b72104d35f9b1809af95221ebda7',
--- a/client/crash_report_database_mac.mm
+++ b/client/crash_report_database_mac.mm
@ -299,9 +299,10 @@ CrashReportDatabaseMac::PrepareNewCrashReport(NewReport** out_report) {
      base_dir_.Append(kWriteDirectory)
          .Append(report->uuid.ToString() + "." + kCrashReportFileExtension);

-  report->handle = HANDLE_EINTR(open(report->path.value().c_str(),
-                                     O_CREAT | O_WRONLY | O_EXCL | O_EXLOCK,
-                                     0600));
+  report->handle = HANDLE_EINTR(
+      open(report->path.value().c_str(),
+           O_WRONLY | O_EXLOCK | O_CREAT | O_EXCL | O_NOCTTY | O_CLOEXEC,
+           0600));
  if (report->handle < 0) {
    PLOG(ERROR) << "open " << report->path.value();
    return kFileSystemError;
@ -612,8 +613,9 @@ CrashReportDatabase::OperationStatus CrashReportDatabaseMac::RequestUpload(
 // static
 base::ScopedFD CrashReportDatabaseMac::ObtainReportLock(
    const base::FilePath& path) {
-  int fd = HANDLE_EINTR(open(path.value().c_str(),
-                             O_RDONLY | O_EXLOCK | O_NONBLOCK));
+  int fd = HANDLE_EINTR(
+      open(path.value().c_str(),
+           O_RDONLY | O_NONBLOCK | O_EXLOCK | O_NOCTTY | O_CLOEXEC));
  PLOG_IF(ERROR, fd < 0) << "open lock " << path.value();
  return base::ScopedFD(fd);
 }
--- a/tools/mac/catch_exception_tool.cc
+++ b/tools/mac/catch_exception_tool.cc
@ -12,6 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

+#include <fcntl.h>
 #include <getopt.h>
 #include <libgen.h>
 #include <stdio.h>
@ -279,6 +280,10 @@ int CatchExceptionToolMain(int argc, char* argv[]) {
      return EXIT_FAILURE;
    }
    options.file = file_owner.get();
+    if (fcntl(fileno(options.file), F_SETFD, FD_CLOEXEC) == -1) {
+      PLOG(ERROR) << "fcntl " << options.file_path;
+      return EXIT_FAILURE;
+    }
  }

  int exceptions_handled = 0;
--- a/util/file/file_io_posix.cc
+++ b/util/file/file_io_posix.cc
@ -80,10 +80,11 @@ FileHandle OpenFileForOutput(int rdwr_or_wronly,
                             const base::FilePath& path,
                             FileWriteMode mode,
                             FilePermissions permissions) {
+  int flags = O_NOCTTY | O_CLOEXEC;
+
  DCHECK(rdwr_or_wronly & (O_RDWR | O_WRONLY));
  DCHECK_EQ(rdwr_or_wronly & ~(O_RDWR | O_WRONLY), 0);
-
-  int flags = rdwr_or_wronly;
+  flags |= rdwr_or_wronly;

  switch (mode) {
    case FileWriteMode::kReuseOrFail:
@ -118,7 +119,8 @@ FileOperationResult WriteFile(FileHandle file,
 }

 FileHandle OpenFileForRead(const base::FilePath& path) {
-  return HANDLE_EINTR(open(path.value().c_str(), O_RDONLY));
+  return HANDLE_EINTR(
+      open(path.value().c_str(), O_RDONLY | O_NOCTTY | O_CLOEXEC));
 }

 FileHandle OpenFileForWrite(const base::FilePath& path,
--- a/util/mac/xattr_test.cc
+++ b/util/mac/xattr_test.cc
@ -37,8 +37,10 @@ class Xattr : public testing::Test {

  void SetUp() override {
    path_ = temp_dir_.path().Append("xattr_file");
-    base::ScopedFD tmp(HANDLE_EINTR(
-          open(path_.value().c_str(), O_CREAT | O_TRUNC, 0644)));
+    base::ScopedFD tmp(
+        HANDLE_EINTR(open(path_.value().c_str(),
+                          O_WRONLY | O_CREAT | O_TRUNC | O_NOCTTY | O_CLOEXEC,
+                          0644)));
    EXPECT_GE(tmp.get(), 0) << ErrnoMessage("open");
  }

--- a/util/posix/close_multiple.cc
+++ b/util/posix/close_multiple.cc
@ -211,7 +211,7 @@ void CloseMultipleNowOrOnExec(int fd, int preserve_fd) {
  // do_prlimit() and kernel/sysctl.c fs_table. Inability to open this file is
  // not considered an error, because /proc may not be available or usable.
  {
-    base::ScopedFILE nr_open_file(fopen("/proc/sys/fs/nr_open", "r"));
+    base::ScopedFILE nr_open_file(fopen("/proc/sys/fs/nr_open", "re"));
    if (nr_open_file.get() != nullptr) {
      int nr_open;
      if (fscanf(nr_open_file.get(), "%d\n", &nr_open) == 1 &&
--- a/util/posix/close_stdio.cc
+++ b/util/posix/close_stdio.cc
@ -27,7 +27,8 @@ namespace crashpad {
 namespace {

 void CloseStdioStream(int desired_fd, int oflag) {
-  base::ScopedFD fd(HANDLE_EINTR(open(_PATH_DEVNULL, oflag)));
+  base::ScopedFD fd(
+      HANDLE_EINTR(open(_PATH_DEVNULL, oflag | O_NOCTTY | O_CLOEXEC)));
  if (fd == desired_fd) {
    // Weird, but play along.
    ignore_result(fd.release());
--- a/util/posix/process_info_test.cc
+++ b/util/posix/process_info_test.cc
@ -103,7 +103,7 @@ void TestSelfProcess(const ProcessInfo& process_info) {
 #elif defined(OS_LINUX) || defined(OS_ANDROID)
  std::vector<std::string> expect_arg_vector;
  {
-    base::ScopedFILE cmdline(fopen("/proc/self/cmdline", "r"));
+    base::ScopedFILE cmdline(fopen("/proc/self/cmdline", "re"));
    ASSERT_NE(nullptr, cmdline.get()) << ErrnoMessage("fopen");

    int expect_arg_char;