From e801fa14723494d1a8d648bcd3584e873caead81 Mon Sep 17 00:00:00 2001 From: Petr Machata Date: Sep 22 2008 08:42:20 +0000 Subject: - Mark opened files as cloexec to prevent their leaking through fork - Resolves: #462090 --- diff --git a/make-3.81-fdleak.patch b/make-3.81-fdleak.patch new file mode 100644 index 0000000..442ee54 --- /dev/null +++ b/make-3.81-fdleak.patch @@ -0,0 +1,60 @@ +diff -urp make-3.81/read.c make-3.81-leak/read.c +--- make-3.81/read.c 2006-03-17 15:24:20.000000000 +0100 ++++ make-3.81-leak/read.c 2008-09-16 16:43:12.000000000 +0200 +@@ -296,6 +300,37 @@ restore_conditionals (struct conditional + conditionals = saved; + } + ++/* If possible, open the file and mark it close-on-exec, so that make ++ doesn't leak the descriptor to binaries called via $(shell ...).*/ ++static FILE * ++open_makefile (char *filename) ++{ ++ FILE *fp; ++ ++#if HAVE_FDOPEN ++ int fd = open (filename, O_RDONLY); ++ int save; ++ if (fd < 0) ++ return NULL; ++ ++ fp = fdopen (fd, "r"); ++ if (fp == NULL) ++ { ++ save = errno; ++ close (fd); ++ errno = save; ++ return NULL; ++ } ++ ++ CLOSE_ON_EXEC (fd); ++ ++#else ++ fp = fopen (filename, "r"); ++#endif ++ ++ return fp; ++} ++ + static int + eval_makefile (char *filename, int flags) + { +@@ -335,7 +376,8 @@ eval_makefile (char *filename, int flags + filename = expanded; + } + +- ebuf.fp = fopen (filename, "r"); ++ ebuf.fp = open_makefile (filename); ++ + /* Save the error code so we print the right message later. */ + makefile_errno = errno; + +@@ -348,7 +390,7 @@ eval_makefile (char *filename, int flags + for (i = 0; include_directories[i] != 0; ++i) + { + included = concat (include_directories[i], "/", filename); +- ebuf.fp = fopen (included, "r"); ++ ebuf.fp = open_makefile (included); + if (ebuf.fp) + { + filename = included; diff --git a/make.spec b/make.spec index 5d7965c..2244f6f 100644 --- a/make.spec +++ b/make.spec @@ -3,7 +3,7 @@ Summary: A GNU tool which simplifies the build process for users Name: make Epoch: 1 Version: 3.81 -Release: 12%{?dist} +Release: 13%{?dist} License: GPLv2+ Group: Development/Tools URL: http://www.gnu.org/software/make/ @@ -16,6 +16,7 @@ Patch7: make-3.81-memory.patch Patch8: make-3.81-rlimit.patch Patch9: make-3.81-newlines.patch Patch10: make-3.81-jobserver.patch +Patch11: make-3.81-fdleak.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires(post): /sbin/install-info Requires(preun): /sbin/install-info @@ -38,6 +39,7 @@ makefile. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 %build %configure @@ -76,6 +78,10 @@ fi %{_infodir}/*.info* %changelog +* Tue Sep 16 2008 Petr Machata - 1:3.81-13 +- Mark opened files as cloexec to prevent their leaking through fork +- Resolves: #462090 + * Tue Mar 25 2008 Petr Machata - 1:3.81-12 - Fix the rlimit patch. The success flag is kept in memory shared with parent process after vfork, and so cannot be reset.