diff options
| author | cinap_lenrek <cinap_lenrek@felloff.net> | 2020-12-07 17:14:34 +0100 |
|---|---|---|
| committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2020-12-07 17:14:34 +0100 |
| commit | 383a2ca79be58cb18f4df9ddc721e8c416e72373 (patch) | |
| tree | ac6df1031df30e88be9390647f3f8f283c104614 | |
| parent | d5928fb515f73ab0d530799654738dedcbfb6279 (diff) | |
| download | plan9front-383a2ca79be58cb18f4df9ddc721e8c416e72373.tar.xz | |
libsec: open internal file-descriptors with OCEXEC flag
| -rw-r--r-- | sys/src/libsec/port/readcert.c | 2 | ||||
| -rw-r--r-- | sys/src/libsec/port/thumb.c | 2 | ||||
| -rw-r--r-- | sys/src/libsec/port/tlshand.c | 14 |
3 files changed, 9 insertions, 9 deletions
diff --git a/sys/src/libsec/port/readcert.c b/sys/src/libsec/port/readcert.c index 90ed884e2..f2758ce91 100644 --- a/sys/src/libsec/port/readcert.c +++ b/sys/src/libsec/port/readcert.c @@ -8,7 +8,7 @@ readfile(char *name) char *s; Dir *d; - fd = open(name, OREAD); + fd = open(name, OREAD|OCEXEC); if(fd < 0) return nil; if((d = dirfstat(fd)) == nil) { diff --git a/sys/src/libsec/port/thumb.c b/sys/src/libsec/port/thumb.c index 73add8db1..72e7d24a8 100644 --- a/sys/src/libsec/port/thumb.c +++ b/sys/src/libsec/port/thumb.c @@ -95,7 +95,7 @@ loadThumbprints(char *file, char *tag, Thumbprint *table, Thumbprint *crltab, in } if(access(file, AEXIST) < 0) return 0; /* not an error */ - if((bin = Bopen(file, OREAD)) == nil) + if((bin = Bopen(file, OREAD|OCEXEC)) == nil) return -1; for(; (line = Brdstr(bin, '\n', 1)) != nil; free(line)){ if(tokenize(line, field, nelem(field)) < 2) diff --git a/sys/src/libsec/port/tlshand.c b/sys/src/libsec/port/tlshand.c index 5f5aced9a..ee1bd270f 100644 --- a/sys/src/libsec/port/tlshand.c +++ b/sys/src/libsec/port/tlshand.c @@ -459,7 +459,7 @@ tlsServer(int fd, TLSconn *conn) if(conn == nil) return -1; - ctl = open("#a/tls/clone", ORDWR); + ctl = open("#a/tls/clone", ORDWR|OCEXEC); if(ctl < 0) return -1; n = read(ctl, buf, sizeof(buf)-1); @@ -470,7 +470,7 @@ tlsServer(int fd, TLSconn *conn) buf[n] = 0; snprint(conn->dir, sizeof(conn->dir), "#a/tls/%s", buf); snprint(dname, sizeof(dname), "#a/tls/%s/hand", buf); - hand = open(dname, ORDWR); + hand = open(dname, ORDWR|OCEXEC); if(hand < 0){ close(ctl); return -1; @@ -592,7 +592,7 @@ tlsClient(int fd, TLSconn *conn) if(conn == nil) return -1; - ctl = open("#a/tls/clone", ORDWR); + ctl = open("#a/tls/clone", ORDWR|OCEXEC); if(ctl < 0) return -1; n = read(ctl, buf, sizeof(buf)-1); @@ -603,7 +603,7 @@ tlsClient(int fd, TLSconn *conn) buf[n] = 0; snprint(conn->dir, sizeof(conn->dir), "#a/tls/%s", buf); snprint(dname, sizeof(dname), "#a/tls/%s/hand", buf); - hand = open(dname, ORDWR); + hand = open(dname, ORDWR|OCEXEC); if(hand < 0){ close(ctl); return -1; @@ -2178,7 +2178,7 @@ initCiphers(void) unlock(&ciphLock); return nciphers; } - j = open("#a/tls/encalgs", OREAD); + j = open("#a/tls/encalgs", OREAD|OCEXEC); if(j < 0){ werrstr("can't open #a/tls/encalgs: %r"); goto out; @@ -2202,7 +2202,7 @@ initCiphers(void) cipherAlgs[i].ok = ok; } - j = open("#a/tls/hashalgs", OREAD); + j = open("#a/tls/hashalgs", OREAD|OCEXEC); if(j < 0){ werrstr("can't open #a/tls/hashalgs: %r"); goto out; @@ -2261,7 +2261,7 @@ factotum_rsa_open(RSApub *rsapub) AuthRpc *rpc; // start talking to factotum - if((afd = open("/mnt/factotum/rpc", ORDWR)) < 0) + if((afd = open("/mnt/factotum/rpc", ORDWR|OCEXEC)) < 0) return nil; if((rpc = auth_allocrpc(afd)) == nil){ close(afd); |