From 30a86ebc7a0f5a2e0fc698f432ee626cd96525b8 Mon Sep 17 00:00:00 2001 From: Nick Kralevich Date: Mon, 16 Jun 2014 15:32:49 -0700 Subject: [PATCH] fs_mkdirs: use O_NOFOLLOW and O_CLOEXEC Don't follow symlinks. Suggestion from Jann Horn. Also, add O_CLOEXEC. This prevents file descriptor leakage should this code ever run in a multithreaded environment. I'm not sure if either of these changes actually address any security concerns, but it's harmless, so go ahead and add it. Bug: 15675141 Change-Id: I7ba4e9d10439b7150f59759b54e3ad8ccba411e3 --- libcutils/fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libcutils/fs.c b/libcutils/fs.c index 286a8eb09..45c7add4c 100644 --- a/libcutils/fs.c +++ b/libcutils/fs.c @@ -212,7 +212,7 @@ int fs_mkdirs(const char* path, mode_t mode) { /* Yay, segment is ready for us to step into */ int next_fd; - if ((next_fd = openat(fd, segment, 0)) == -1) { + if ((next_fd = openat(fd, segment, O_NOFOLLOW | O_CLOEXEC)) == -1) { ALOGE("Failed to openat(%s): %s", buf, strerror(errno)); res = -errno; goto done_close;