Set close-on-exec file for file inputs

We don't want to leak descriptors to child PROCESSES (!= threads) such
as the pseudo-CGI interface. The socket wrappers ahve already been doing
that for a while. Unfortunately, there are still many "leaks", through
underlying libraries, opendir(), fopen(), etc. And then, this is not
thread-safe (we leak if another thread calls fork() between open() and
fcntl()). This is a well-known limitation in POSIX anyway.

diff --git a/modules/access/file.c b/modules/access/file.c
index bd195d51d24da3ae7581c19fc83a72fa9b7162dc..70a50c527c96138ccdd87a68b0a800deeb0523fb 100644 (file)
--- a/modules/access/file.c
+++ b/modules/access/file.c
@@ -349,6 +349,7 @@ static int open_file (access_t *p_access, const char *path)
                         _("VLC could not open the file \"%s\"."), path);
         return -1;
     }
+    fcntl (fd, F_SETFD, fcntl (fd, F_GETFD) | FD_CLOEXEC);
 
 #if defined(HAVE_FCNTL_H)
     /* We'd rather use any available memory for reading ahead

diff --git a/modules/access/mmap.c b/modules/access/mmap.c
index eb551abc651100b06e21ff8bb38b4a36ddd97260..823e6d49d71d7b4a8f288bdd324df63d53b90648 100644 (file)
--- a/modules/access/mmap.c
+++ b/modules/access/mmap.c
@@ -104,6 +104,7 @@ static int Open (vlc_object_t *p_this)
         msg_Warn (p_access, "cannot open %s: %m", path);
         goto error;
     }
+    fcntl (fd, F_SETFD, fcntl (fd, F_GETFD) | FD_CLOEXEC);
 
     /* mmap() is only safe for regular and block special files.
      * For other types, it may be some idiosyncrasic interface (e.g. packet