Use O_CLOEXEC in most places

configure.ac

@@ -80,7 +80,7 @@ static char buf[1024];]],
 AC_LANG_POP(C++)
 
 
-AC_CHECK_FUNCS([statvfs])
+AC_CHECK_FUNCS([statvfs pipe2])
 
 
 # Check for lutimes, optionally used for changing the mtime of

src/libstore/build.cc

@@ -509,10 +509,9 @@ void UserLock::acquire()
             /* We already have a lock on this one. */
             continue;
 
-        AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600);
+        AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
         if (fd == -1)
             throw SysError(format("opening user lock ‘%1%’") % fnUserLock);
-        closeOnExec(fd);
 
         if (lockFile(fd, ltWrite, false)) {
             fdUserLock = fd.borrow();

src/libstore/gc.cc

@@ -33,10 +33,9 @@ int LocalStore::openGCLock(LockType lockType)
 
     debug(format("acquiring global GC lock ‘%1%’") % fnGCLock);
 
-    AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600);
+    AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
     if (fdGCLock == -1)
         throw SysError(format("opening global GC lock ‘%1%’") % fnGCLock);
-    closeOnExec(fdGCLock);
 
     if (!lockFile(fdGCLock, lockType, false)) {
         printMsg(lvlError, format("waiting for the big garbage collector lock..."));
@@ -211,7 +210,7 @@ void LocalStore::readTempRoots(PathSet & tempRoots, FDs & fds)
         Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str();
 
         debug(format("reading temporary root file ‘%1%’") % path);
-        FDPtr fd(new AutoCloseFD(open(path.c_str(), O_RDWR, 0666)));
+        FDPtr fd(new AutoCloseFD(open(path.c_str(), O_CLOEXEC | O_RDWR, 0666)));
         if (*fd == -1) {
             /* It's okay if the file has disappeared. */
             if (errno == ENOENT) continue;

src/libstore/local-store.cc

@@ -117,7 +117,7 @@ LocalStore::LocalStore(const Params & params)
         if (stat(reservedPath.c_str(), &st) == -1 ||
             st.st_size != settings.reservedSize)
         {
-            AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT, 0600);
+            AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
             int res = -1;
 #if HAVE_POSIX_FALLOCATE
             res = posix_fallocate(fd, 0, settings.reservedSize);
@@ -1245,7 +1245,7 @@ static void makeMutable(const Path & path)
     /* The O_NOFOLLOW is important to prevent us from changing the
        mutable bit on the target of a symlink (which would be a
        security hole). */
-    AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
+    AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
     if (fd == -1) {
         if (errno == ELOOP) return; // it's a symlink
         throw SysError(format("opening file ‘%1%’") % path);

src/libstore/pathlocks.cc

@@ -16,12 +16,10 @@ int openLockFile(const Path & path, bool create)
 {
     AutoCloseFD fd;
 
-    fd = open(path.c_str(), O_RDWR | (create ? O_CREAT : 0), 0600);
+    fd = open(path.c_str(), O_CLOEXEC | O_RDWR | (create ? O_CREAT : 0), 0600);
     if (fd == -1 && (create || errno != ENOENT))
         throw SysError(format("opening lock file ‘%1%’") % path);
 
-    closeOnExec(fd);
-
     return fd.borrow();
 }
 

src/libstore/remote-store.cc

@@ -61,7 +61,11 @@ ref<RemoteStore::Connection> RemoteStore::openConnection()
     auto conn = make_ref<Connection>();
 
     /* Connect to a daemon that does the privileged work for us. */
-    conn->fd = socket(PF_UNIX, SOCK_STREAM, 0);
+    conn->fd = socket(PF_UNIX, SOCK_STREAM
+        #ifdef SOCK_CLOEXEC
+        | SOCK_CLOEXEC
+        #endif
+        , 0);
     if (conn->fd == -1)
         throw SysError("cannot create Unix domain socket");
     closeOnExec(conn->fd);

src/libutil/archive.cc

@@ -41,7 +41,7 @@ static void dumpContents(const Path & path, size_t size,
 {
     sink << "contents" << size;
 
-    AutoCloseFD fd = open(path.c_str(), O_RDONLY);
+    AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
     if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
 
     unsigned char buf[65536];
@@ -304,7 +304,7 @@ struct RestoreSink : ParseSink
     {
         Path p = dstPath + path;
         fd.close();
-        fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0666);
+        fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC, 0666);
         if (fd == -1) throw SysError(format("creating file ‘%1%’") % p);
     }
 

src/libutil/hash.cc

@@ -254,7 +254,7 @@ Hash hashFile(HashType ht, const Path & path)
     Hash hash(ht);
     start(ht, ctx);
 
-    AutoCloseFD fd = open(path.c_str(), O_RDONLY);
+    AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
     if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
 
     unsigned char buf[8192];

src/libutil/util.cc

@@ -273,7 +273,7 @@ string readFile(int fd)
 
 string readFile(const Path & path, bool drain)
 {
-    AutoCloseFD fd = open(path.c_str(), O_RDONLY);
+    AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
     if (fd == -1)
         throw SysError(format("opening file ‘%1%’") % path);
     return drain ? drainFD(fd) : readFile(fd);
@@ -282,7 +282,7 @@ string readFile(const Path & path, bool drain)
 
 void writeFile(const Path & path, const string & s)
 {
-    AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0666);
+    AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
     if (fd == -1)
         throw SysError(format("opening file ‘%1%’") % path);
     writeFull(fd, s);
@@ -633,11 +633,15 @@ int AutoCloseFD::borrow()
 void Pipe::create()
 {
     int fds[2];
+#if HAVE_PIPE2
+    if (pipe2(fds, O_CLOEXEC) != 0) throw SysError("creating pipe");
+#else
     if (pipe(fds) != 0) throw SysError("creating pipe");
+    closeOnExec(fds[0]);
+    closeOnExec(fds[1]);
+#endif
     readSide = fds[0];
     writeSide = fds[1];
-    closeOnExec(readSide);
-    closeOnExec(writeSide);
 }