Issue #23458: On POSIX, the file descriptor kept open by os.urandom() is now

set to non inheritable
author: Victor Stinner <victor.stinner@gmail.com> 2015-02-24 13:30:43 (GMT)
committer: Victor Stinner <victor.stinner@gmail.com> 2015-02-24 13:30:43 (GMT)
commit: e0a0bd6eaa40c132e1a270df6ae73c1d87628188 (patch)
tree: e74c2165733b9c9df97bbb2f4d150efb21d04d95 /Python
parent: 0e4da40e58a81823ecd39f6e882367e2ce622b32 (diff)
download: cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.zip
cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.tar.gz
cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/Python/random.c b/Python/random.c
index da49bba..ad8993d 100644
--- a/Python/random.c
+++ b/Python/random.c
@@ -188,6 +188,7 @@ dev_urandom_python(char *buffer, Py_ssize_t size)
     int fd;
     Py_ssize_t n;
     struct stat st;
+    int attr;
 
     if (size <= 0)
         return 0;
@@ -219,6 +220,14 @@ dev_urandom_python(char *buffer, Py_ssize_t size)
                 PyErr_SetFromErrno(PyExc_OSError);
             return -1;
         }
+
+        /* try to make the file descriptor non-inheritable, ignore errors */
+        attr = fcntl(fd, F_GETFD);
+        if (attr >= 0) {
+            attr |= FD_CLOEXEC;
+            (void)fcntl(fd, F_SETFD, attr);
+        }
+
         if (urandom_cache.fd >= 0) {
             /* urandom_fd was initialized by another thread while we were
                not holding the GIL, keep it. */
author	Victor Stinner <victor.stinner@gmail.com>	2015-02-24 13:30:43 (GMT)
committer	Victor Stinner <victor.stinner@gmail.com>	2015-02-24 13:30:43 (GMT)
commit	e0a0bd6eaa40c132e1a270df6ae73c1d87628188 (patch)
tree	e74c2165733b9c9df97bbb2f4d150efb21d04d95 /Python
parent	0e4da40e58a81823ecd39f6e882367e2ce622b32 (diff)
download	cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.zip cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.tar.gz cpython-e0a0bd6eaa40c132e1a270df6ae73c1d87628188.tar.bz2