ref: 383a2ca79be58cb18f4df9ddc721e8c416e72373
parent: d5928fb515f73ab0d530799654738dedcbfb6279
author: cinap_lenrek <[email protected]>
date: Mon Dec 7 12:14:34 EST 2020

libsec: open internal file-descriptors with OCEXEC flag

--- a/sys/src/libsec/port/readcert.c
+++ b/sys/src/libsec/port/readcert.c
@@ -8,7 +8,7 @@
 	char *s;
 	Dir *d;
 
-	fd = open(name, OREAD);
+	fd = open(name, OREAD|OCEXEC);
 	if(fd < 0)
 		return nil;
 	if((d = dirfstat(fd)) == nil) {
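Review bot: Nothing at the changed `open` call says why `OCEXEC` is set, and the same holds for the other seven call sites in thumb.c and tlshand.c, so a later `open` added to libsec can omit the flag without anyone noticing. A one-line comment above `fd = open(name, OREAD|OCEXEC);` would record the rule, for example `/* OCEXEC: library-internal fd, must not be inherited by a program the caller execs */`. The enclosing function begins and ends outside this hunk, so whether `fd` is closed on every return path cannot be checked from here.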
--- a/sys/src/libsec/port/thumb.c
+++ b/sys/src/libsec/port/thumb.c
@@ -95,7 +95,7 @@
 	}
 	if(access(file, AEXIST) < 0)
 		return 0;	/* not an error */
-	if((bin = Bopen(file, OREAD)) == nil)
+	if((bin = Bopen(file, OREAD|OCEXEC)) == nil)
 		return -1;
 	for(; (line = Brdstr(bin, '\n', 1)) != nil; free(line)){
 		if(tokenize(line, field, nelem(field)) < 2)
--- a/sys/src/libsec/port/tlshand.c
+++ b/sys/src/libsec/port/tlshand.c
@@ -459,7 +459,7 @@
 
 	if(conn == nil)
 		return -1;
-	ctl = open("#a/tls/clone", ORDWR);
+	ctl = open("#a/tls/clone", ORDWR|OCEXEC);
 	if(ctl < 0)
 		return -1;
 	n = read(ctl, buf, sizeof(buf)-1);
@@ -470,7 +470,7 @@
 	buf[n] = 0;
 	snprint(conn->dir, sizeof(conn->dir), "#a/tls/%s", buf);
 	snprint(dname, sizeof(dname), "#a/tls/%s/hand", buf);
-	hand = open(dname, ORDWR);
+	hand = open(dname, ORDWR|OCEXEC);
 	if(hand < 0){
 		close(ctl);
 		return -1;
@@ -592,7 +592,7 @@
 
 	if(conn == nil)
 		return -1;
-	ctl = open("#a/tls/clone", ORDWR);
+	ctl = open("#a/tls/clone", ORDWR|OCEXEC);
 	if(ctl < 0)
 		return -1;
 	n = read(ctl, buf, sizeof(buf)-1);
@@ -603,7 +603,7 @@
 	buf[n] = 0;
 	snprint(conn->dir, sizeof(conn->dir), "#a/tls/%s", buf);
 	snprint(dname, sizeof(dname), "#a/tls/%s/hand", buf);
-	hand = open(dname, ORDWR);
+	hand = open(dname, ORDWR|OCEXEC);
 	if(hand < 0){
 		close(ctl);
 		return -1;
@@ -2178,7 +2178,7 @@
 		unlock(&ciphLock);
 		return nciphers;
 	}
-	j = open("#a/tls/encalgs", OREAD);
+	j = open("#a/tls/encalgs", OREAD|OCEXEC);
 	if(j < 0){
 		werrstr("can't open #a/tls/encalgs: %r");
 		goto out;
@@ -2202,7 +2202,7 @@
 		cipherAlgs[i].ok = ok;
 	}
 
-	j = open("#a/tls/hashalgs", OREAD);
+	j = open("#a/tls/hashalgs", OREAD|OCEXEC);
 	if(j < 0){
 		werrstr("can't open #a/tls/hashalgs: %r");
 		goto out;
@@ -2261,7 +2261,7 @@
 	AuthRpc *rpc;
 
 	// start talking to factotum
-	if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0)
+	if((afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0)
 		return nil;
 	if((rpc = auth_allocrpc(afd)) == nil){
 		close(afd);
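Review bot: `OCEXEC` on `afd` only closes the descriptor at exec, so a child the caller creates with `rfork` that copies or shares the descriptor table and never execs still holds the open `/mnt/factotum/rpc` channel while this conversation is in progress. That limit deserves a comment next to the `// start talking to factotum` line, for example `// OCEXEC keeps afd out of exec'd programs only; a forked child that does not exec still has it`. The function continues past the end of the hunk, so the point where `afd` is finally closed is not visible here.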