- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 598
Global: add missing O_CLOEXEC to open() #1811
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pull Request Overview
This PR enhances security by adding the O_CLOEXEC flag to all open() calls across Unix-specific utilities and detection modules, preventing file descriptor leaks into child processes.
- Added O_CLOEXECtoopen()invocations in various modules
- Updated error messages where flags are included in the failure string
- Ensured all new flags align with existing FF_AUTO_CLOSE_FDsemantics
Reviewed Changes
Copilot reviewed 17 out of 17 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description | 
|---|---|
| src/util/smbiosHelper.c | Use O_CLOEXECwhen opening/dev/memand/dev/smbios | 
| src/util/binary_linux.c | Add O_CLOEXECon ELF file opens | 
| src/detection/sound/sound_nbsd.c | Add O_CLOEXECto/dev/audioopens | 
| src/detection/sound/sound_bsd.c | Add O_CLOEXECto/dev/mixeropens | 
| src/detection/physicaldisk/physicaldisk_haiku.c | Add O_CLOEXECto raw disk opens | 
| src/detection/gpu/gpu_linux.c | Add O_CLOEXECto/dev/dri/*opens | 
| src/detection/gpu/gpu_haiku.c | Add O_CLOEXECwhen opening POKE device | 
| src/detection/gpu/gpu_drm.c | Add O_CLOEXECto DRM render device opens | 
| src/detection/gpu/gpu_bsd.c | Add O_CLOEXECto DRM and PCI device opens | 
| src/detection/cpu/cpu_nbsd.c | Add O_CLOEXECto_PATH_SYSMONopens | 
| src/detection/cpu/cpu_linux.c | Add O_CLOEXECto CPU sysfs directory opens | 
| src/detection/camera/camera_linux.c | Add O_CLOEXECto/dev/video*opens | 
| src/detection/brightness/brightness_obsd.c | Add O_CLOEXECto TTY brightness device opens | 
| src/detection/bootmgr/bootmgr_bsd.c | Add O_CLOEXECto/dev/efiopens | 
| src/detection/battery/battery_obsd.c | Add O_CLOEXECto/dev/apmopens | 
| src/detection/battery/battery_nbsd.c | Add O_CLOEXECto_PATH_SYSMONopens | 
| src/common/io/io_unix.c | Add O_CLOEXECto recursive directory listing opens | 
|  | ||
| // Open the ELF file | ||
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY, 0); | ||
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC, 0); | 
    
      
    
      Copilot
AI
    
    
    
      Jun 19, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Remove the unnecessary third mode argument (0) from this open() call since no O_CREAT flag is used.
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC, 0); | |
| FF_AUTO_CLOSE_FD int fd = open(elfFile, O_RDONLY | O_CLOEXEC); | 
| static const char* detectByPci(const FFGPUOptions* options, FFlist* gpus) | ||
| { | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY, 0); | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC, 0); | 
    
      
    
      Copilot
AI
    
    
    
      Jun 19, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Similarly, drop the redundant mode parameter (0) from open() when not creating a file.
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC, 0); | |
| FF_AUTO_CLOSE_FD int fd = open("/dev/pci", O_RDONLY | O_CLOEXEC); | 
| FF_DEBUG("Parsed SMBIOS entry address: 0x%lx", (unsigned long)entryAddress); | ||
|  | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY); | ||
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY | O_CLOEXEC); | 
    
      
    
      Copilot
AI
    
    
    
      Jun 19, 2025 
    
  
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[nitpick] Consider introducing a small wrapper or macro for open-with-cloexec to reduce repetition and avoid forgetting the flag in future calls.
| FF_AUTO_CLOSE_FD int fd = open("/dev/mem", O_RDONLY | O_CLOEXEC); | |
| FF_AUTO_CLOSE_FD int fd = open_with_cloexec("/dev/mem", O_RDONLY); | 
All *nix systems support this flag, use it as possible as it can. Other programs such as Python and Golang have already defaultly set it.
Look at the Golang's runtime For an example:
