From bbbd329e9a1274d0a7bfb7b741894f5417b43538 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin
Date: Sun, 19 Feb 2017 13:23:51 +0100
Subject: Ensure lacme's config file descriptor has the FD_CLOEXEC bit set.
---
 lacme | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'lacme')
diff --git a/lacme b/lacme
index 6c7f48d..8cbed17 100755
--- a/lacme
+++ b/lacme
@@ -68,6 +68,7 @@ $COMMAND = $COMMAND =~ /\A(new-reg|reg=\p{Print}*|new-cert|revoke-cert)\z/ ? $1
 : usage(1, "Invalid command: $COMMAND"); # validate and untaint $COMMAND
 @ARGV = map { /\A(\p{Print}*)\z/ ? $1 : die } @ARGV; # untaint @ARGV
+sub set_FD_CLOEXEC($$);
 my $CONFFILENAME = $OPTS{config} // first { -f $_ } ( "./$NAME.conf" , ($ENV{XDG_CONFIG_HOME} // "$ENV{HOME}/.config")."/lacme/$NAME.conf"
@@ -79,6 +80,7 @@ do {
 open $CONFFILE, '<', $CONFFILENAME or die "Can't open $CONFFILENAME: $!\n";
 my $conf = do { local $/ = undef; <$CONFFILE> }; # don't close $CONFFILE so we can pass it to the client
+ set_FD_CLOEXEC($CONFFILE, 1);
 my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n";
 my $defaults = delete $h->{_} // {};
--
cgit v1.2.3
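Review bot: The forward declaration `sub set_FD_CLOEXEC($$);` in the first hunk carries no comment saying why it is needed. The definition is not part of this diff, so presumably it lives further down in lacme and the prototype has to be visible before the call added in the second hunk; a one-line comment such as `# predeclared: defined below, prototype must be known before first use` would record that. Note also that the `($$)` prototype only affects how the call is parsed and does not validate what is passed, so it should not be read as an argument check on the handle.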
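Review bot: The new `set_FD_CLOEXEC($CONFFILE, 1);` in the second hunk sits right under the comment saying the handle stays open so it can be passed to the client, and the two read as contradictory, since a close-on-exec descriptor does not survive exec. Presumably the flag is cleared again just before the client is spawned, but that code and the rest of the `do { … }` block are outside this hunk. I would extend the comment to say so, e.g. `# kept open for the client; close-on-exec by default so no other child process inherits it`. Perl's open() sets close-on-exec only on descriptors above `$^F`, so this call matters when the file lands on a low-numbered descriptor, and its result is not checked here, which is fine only if the helper itself dies on fcntl failure.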