commit e8cac16e03c5b86eebd6e50b267a3f0479bf3a81
from: Omar Polo <op@omarpolo.com>
date: Fri Nov 06 13:18:17 2020 UTC

mark every open file as close-on-exec

commit - 72342dc9606a0283490a3a9283d2ed2d31888eeb
commit + e8cac16e03c5b86eebd6e50b267a3f0479bf3a81
blob - 0a0ff2452bc0b320e96cb59ac92e3e0487ff5e53
blob + cda5b72ba0095337cbedd0d7bbeac93cbb45f206
--- gmid.c
+++ gmid.c
@@ -310,7 +310,8 @@ open_file(char *path, struct pollfd *fds, struct clien
 		fpath[0] = '.';
 	strlcat(fpath, path, PATHBUF);
 
-	if ((c->fd = openat(dirfd, fpath, O_RDONLY | O_NOFOLLOW)) == -1) {
+	if ((c->fd = openat(dirfd, fpath,
+		    O_RDONLY | O_NOFOLLOW | O_CLOEXEC)) == -1) {
 		LOG(c, "open failed: %s", fpath);
 		if (!start_reply(fds, c, NOT_FOUND, "not found"))
 			return 0;
@@ -831,7 +832,7 @@ main(int argc, char **argv)
 
 		case 'l':
 			/* open log file or create it with 644 */
-			if ((logfd = open(optarg, O_WRONLY | O_CREAT,
+			if ((logfd = open(optarg, O_WRONLY | O_CREAT | O_CLOEXEC,
 					S_IRUSR | S_IWUSR | S_IRGRP | S_IWOTH)) == -1)
 				err(1, "%s", optarg);
 			break;