forked from OSchip/llvm-project
25 lines
728 B
ReStructuredText
25 lines
728 B
ReStructuredText
.. title:: clang-tidy - android-cloexec-open
|
|
|
|
android-cloexec-open
|
|
====================
|
|
|
|
A common source of security bugs is code that opens a file without using the
|
|
``O_CLOEXEC`` flag. Without that flag, an opened sensitive file would remain
|
|
open across a fork+exec to a lower-privileged SELinux domain, leaking that
|
|
sensitive data. Open-like functions including ``open()``, ``openat()``, and
|
|
``open64()`` should include ``O_CLOEXEC`` in their flags argument.
|
|
|
|
Examples:
|
|
|
|
.. code-block:: c++
|
|
|
|
open("filename", O_RDWR);
|
|
open64("filename", O_RDWR);
|
|
openat(0, "filename", O_RDWR);
|
|
|
|
// becomes
|
|
|
|
open("filename", O_RDWR | O_CLOEXEC);
|
|
open64("filename", O_RDWR | O_CLOEXEC);
|
|
openat(0, "filename", O_RDWR | O_CLOEXEC);
|