Global: add missing O_CLOEXEC to open() #1811
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR enhances security by adding the O_CLOEXEC flag to all open() calls across Unix-specific utilities and detection modules, preventing file descriptor leaks into child processes.
- Added
O_CLOEXECtoopen()invocations in various modules - Updated error messages where flags are included in the failure string
- Ensured all new flags align with existing
FF_AUTO_CLOSE_FDsemantics
Reviewed Changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| src/util/smbiosHelper.c | Use O_CLOEXEC when opening /dev/mem and /dev/smbios |
| src/util/binary_linux.c | Add O_CLOEXEC on ELF file opens |
| src/detection/sound/sound_nbsd.c | Add O_CLOEXEC to /dev/audio opens |
| src/detection/sound/sound_bsd.c | Add O_CLOEXEC to /dev/mixer opens |
| src/detection/physicaldisk/physicaldisk_haiku.c | Add O_CLOEXEC to raw disk opens |
| src/detection/gpu/gpu_linux.c | Add O_CLOEXEC to /dev/dri/* opens |
| src/detection/gpu/gpu_haiku.c | Add O_CLOEXEC when opening POKE device |
| src/detection/gpu/gpu_drm.c | Add O_CLOEXEC to DRM render device opens |
| src/detection/gpu/gpu_bsd.c | Add O_CLOEXEC to DRM and PCI device opens |
| src/detection/cpu/cpu_nbsd.c | Add O_CLOEXEC to _PATH_SYSMON opens |
| src/detection/cpu/cpu_linux.c | Add O_CLOEXEC to CPU sysfs directory opens |
| src/detection/camera/camera_linux.c | Add O_CLOEXEC to /dev/video* opens |
| src/detection/brightness/brightness_obsd.c | Add O_CLOEXEC to TTY brightness device opens |
| src/detection/bootmgr/bootmgr_bsd.c | Add O_CLOEXEC to /dev/efi opens |
| src/detection/battery/battery_obsd.c | Add O_CLOEXEC to /dev/apm opens |
| src/detection/battery/battery_nbsd.c | Add O_CLOEXEC to _PATH_SYSMON opens |
| src/common/io/io_unix.c | Add O_CLOEXEC to recursive directory listing opens |
|
|
||
| // Open the ELF file | ||
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY, 0); | ||
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC, 0); |
There was a problem hiding this comment.
Remove the unnecessary third mode argument (0) from this open() call since no O_CREAT flag is used.
Suggested change
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC, 0); | |
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC); |
Copilot uses AI. Check for mistakes.
| static const char* detectByPci(const FFGPUOptions* options, FFlist* gpus) | ||
| { | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY, 0); | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC, 0); |
There was a problem hiding this comment.
Similarly, drop the redundant mode parameter (0) from open() when not creating a file.
Suggested change
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC, 0); | |
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC); |
Copilot uses AI. Check for mistakes.
| FF_DEBUG("Parsed SMBIOS entry address: 0x%lx", (unsigned long)entryAddress); | ||
|
|
||
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY); | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY | O_CLOEXEC); |
There was a problem hiding this comment.
[nitpick] Consider introducing a small wrapper or macro for open-with-cloexec to reduce repetition and avoid forgetting the flag in future calls.
Suggested change
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY | O_CLOEXEC); | |
| FF_AUTO_CLOSE_FD int fd = open_with_cloexec("/dev/mem", O_RDONLY); |
Copilot uses AI. Check for mistakes.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
All *nix systems support this flag, use it as possible as it can. Other programs such as Python and Golang have already defaultly set it.
Look at the Golang's runtime For an example:
