the rndlinux module opens a file handle and never closes it

Christian Biere christianbiere at
Mon Dec 18 16:29:57 CET 2006

Max Kellermann wrote:
> The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
> two file handles (fd_random and fd_urandom) which are never closed.
> Since it does not apply the FD_CLOEXEC flag, all subprocesses will
> inherit these two handles without ever using them.
> Please apply this patch which sets the FD_CLOEXEC flag.

The correct way to set this flag is this:

	int flags = fcntl(fd, F_GETFD);
	flags |= FD_CLOEXEC;
	fcntl(fd, F_SETFD, flags);

Paranoids would even check for errors.


More information about the Gcrypt-devel mailing list