From cc34b672c114e027e8e6bdb0c901bb4b2607ff3f Mon Sep 17 00:00:00 2001
From: guenther <>
Date: Mon, 4 Aug 2025 04:59:31 +0000
Subject: Implement the POSIX-2024 close-on-fork flag, but modified to be reset on exec as preserving it across exec is not necessary for its original purpose and has security and usability concerns. Many thanks to Ricardo Branco (rbranco (at) suse.de) who did an independent implementation, caught that /dev/fd/* needed to be handled, and provided a port of the illumos test suite. Thanks to tb@ for assistance with that. ok deraadt@
---
 src/lib/libc/stdlib/mkstemp.c | 5 +++--
 src/lib/libc/stdlib/mktemp.3 | 14 +++++++-------
 2 files changed, 10 insertions(+), 9 deletions(-)
(limited to 'src/lib')
diff --git a/src/lib/libc/stdlib/mkstemp.c b/src/lib/libc/stdlib/mkstemp.c
index 75a9d27d1a..760575005f 100644
--- a/src/lib/libc/stdlib/mkstemp.c
+++ b/src/lib/libc/stdlib/mkstemp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mkstemp.c,v 1.1 2024/01/19 19:45:02 millert Exp $ */
+/* $OpenBSD: mkstemp.c,v 1.2 2025/08/04 04:59:31 guenther Exp $ */
 /*
 * Copyright (c) 2024 Todd C. Miller
 *
@@ -20,7 +20,8 @@
 #include
 #include
 
-#define MKOSTEMP_FLAGS (O_APPEND | O_CLOEXEC | O_DSYNC | O_RSYNC | O_SYNC)
+#define MKOSTEMP_FLAGS \
+ (O_APPEND | O_CLOEXEC | O_CLOFORK | O_DSYNC | O_RSYNC | O_SYNC)
 
 static int
 mkstemp_cb(const char *path, int flags)
diff --git a/src/lib/libc/stdlib/mktemp.3 b/src/lib/libc/stdlib/mktemp.3
index 83b7c9eb30..e57ac77717 100644
--- a/src/lib/libc/stdlib/mktemp.3
+++ b/src/lib/libc/stdlib/mktemp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: mktemp.3,v 1.2 2024/03/01 21:30:40 millert Exp $
+.\" $OpenBSD: mktemp.3,v 1.3 2025/08/04 04:59:31 guenther Exp $
 .\"
 .\" Copyright (c) 1989, 1991, 1993
 .\" The Regents of the University of California. All rights reserved.
@@ -27,7 +27,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 1 2024 $
+.Dd $Mdocdate: August 4 2025 $
 .Dt MKTEMP 3
 .Os
 .Sh NAME
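Review bot: In src/lib/libc/stdlib/mkstemp.c, the widened `MKOSTEMP_FLAGS` define carries no comment on what the new `O_CLOFORK` bit does and does not guarantee, although the commit description says this implementation resets close-on-fork on exec, unlike POSIX-2024. Going by that description, a caller who passes only `O_CLOFORK` to mkostemp() still hands the temporary file's descriptor to a program it execs, so the flag is not a substitute for `O_CLOEXEC`. I would add above the define something like `/* flags a caller may pass to mkostemp(); O_CLOFORK is cleared on exec here, so O_CLOEXEC is still needed to keep the fd out of exec'd programs */`. How the mask is applied is not visible, because `mkstemp_cb` only begins on the last lines of this hunk and its body lies outside it.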
@@ -119,6 +119,8 @@ system call:
 Append on each write.
 .It Dv O_CLOEXEC
 Set the close-on-exec flag on the new file descriptor.
+.It Dv O_CLOFORK
+Set the close-on-fork flag on the new file descriptor.
 .It Dv O_SYNC
 Perform synchronous I/O operations.
 .El
@@ -345,18 +347,16 @@ function.
 .Xr tmpnam 3
 .Sh STANDARDS
 The
-.Fn mkdtemp
+.Fn mkdtemp ,
+.Fn mkostemp ,
 and
 .Fn mkstemp
 functions conform to the
-.St -p1003.1-2008
+.St -p1003.1-2024
 specification.
 The ability to specify more than six
 .Em X Ns s
 is an extension to that standard.
-The
-.Fn mkostemp
-function is expected to conform to a future revision of that standard.
 .Pp
 The
 .Fn mktemp
-- 
cgit v1.2.3-55-g6feb