On Android, pipe() is better to be replaced by pipe2() with O_CLOEXEC
flag to avoid file descriptor leakage.
Patch by Jian Cai!
Differential Revision: https://reviews.llvm.org/D61967
llvm-svn: 362673
On Android, pipe2() is better to set O_CLOEXEC flag to avoid file
descriptor leakage.
Patch by Jian Cai!
Differential Revision: https://reviews.llvm.org/D62049
llvm-svn: 362672
to reflect the new license.
We understand that people may be surprised that we're moving the header
entirely to discuss the new license. We checked this carefully with the
Foundation's lawyer and we believe this is the correct approach.
Essentially, all code in the project is now made available by the LLVM
project under our new license, so you will see that the license headers
include that license only. Some of our contributors have contributed
code under our old license, and accordingly, we have retained a copy of
our old license notice in the top-level files in each project and
repository.
llvm-svn: 351636
This check attempts to catch buggy uses of the `TEMP_FAILURE_RETRY`
macro, which is provided by both Bionic and glibc.
Differential Revision: https://reviews.llvm.org/D45059
llvm-svn: 329759
Summary:
epoll_create() is better to be replaced by epoll_create1() with EPOLL_CLOEXEC
flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35367
llvm-svn: 311029
Summary:
epoll_create1() is better to set EPOLL_CLOEXEC flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35365
llvm-svn: 311028
Summary:
accept4() is better to set SOCK_CLOEXEC flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35363
llvm-svn: 311027
Summary:
accept() is better to be replaced by accept4() with SOCK_CLOEXEC
flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35362
llvm-svn: 311024
Summary:
inotify_init1() is better to set IN_CLOEXEC flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35368
llvm-svn: 310863
Summary:
inotify_init() is better to be replaced by inotify_init1() with IN_CLOEXEC flag to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35370
llvm-svn: 310861
Summary:
dup() is better to be replaced by fcntl() to avoid file descriptor leakage.
Differential Revision: https://reviews.llvm.org/D35364
llvm-svn: 310858
This reverts commit r310630.
The new code broke on Windows and was untested. On Linux, it was
selecting the "int" overload of operator<<, which definitely does not
print the right thing when fed a "Mode" char.
llvm-svn: 310661
Summary:
1. Refactor the structure of the code by adding a base class for all close-on-exec checks, which implements most of the needed functions.
2. memfd_create() is better to set MFD_CLOEXEC flag to avoid file descriptor leakage.
Reviewers: alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: Eugene.Zelenko, chh, cfe-commits, srhines, mgorny, JDevlieghere, xazax.hun
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D35372
llvm-svn: 310630
Summary: socket() is better to include SOCK_CLOEXEC in its type argument to avoid the file descriptor leakage.
Reviewers: chh, Eugene.Zelenko, alexfh, hokein, aaron.ballman
Reviewed By: chh, alexfh
Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D34913
llvm-svn: 307818
Summary:
1. Rename android-file-open-flag to android-cloexec-open.
2. Handle a case when the function is passed as an argument of a function-like macro.
Reviewers: chh
Reviewed By: chh
Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D34633
llvm-svn: 306728
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
George Burgess IV