From: "Steven Rostedt (VMware)" <rostedt@xxxxxxxxxxx> There's no reason to keep the function filter file descriptor open if the application does an exec(). That can end up being a security issue. Best to set O_CLOEXEC flag when opening such that if the application leaves the file open and does an exec, it will be closed and the exec code does not have write permission into that file. If someone wants to have the file descriptor opened, then they need to open code the access to the file themselves, and if they want to use the API for such a use case, then they should submit a bugzilla with an enhancement request. Signed-off-by: Steven Rostedt (VMware) <rostedt@xxxxxxxxxxx> --- src/tracefs-tools.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tracefs-tools.c b/src/tracefs-tools.c index cb07b6f..92e3f72 100644 --- a/src/tracefs-tools.c +++ b/src/tracefs-tools.c @@ -853,7 +853,7 @@ int tracefs_function_filter(struct tracefs_instance *instance, const char *filte open_flags = reset ? O_TRUNC : O_APPEND; if (*fd < 0) - *fd = open(ftrace_filter_path, O_WRONLY | open_flags); + *fd = open(ftrace_filter_path, O_WRONLY | O_CLOEXEC | open_flags); tracefs_put_tracing_file(ftrace_filter_path); if (*fd < 0) goto out_free; -- 2.29.2
|