From 91c583067cd169dd9d245b9440be128f1dbf0474 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Thu, 26 May 2022 17:33:09 -0700
Subject: osutil: create memfd with the MFD_CLOEXEC flag

Go-runtime opens all files with CLOEXEC by default. exec.Cmd doesn't close file descriptors in a child process and so memfd without CLOEXEC can leak to an executor process where its content can be corrupted by one of test system calls.
---
 pkg/osutil/sharedmem_memfd.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'pkg/osutil')

diff --git a/pkg/osutil/sharedmem_memfd.go b/pkg/osutil/sharedmem_memfd.go
index bdcea486f..9eb3a4075 100644
--- a/pkg/osutil/sharedmem_memfd.go
+++ b/pkg/osutil/sharedmem_memfd.go
@@ -16,7 +16,7 @@ import (
 // In the case of Linux, we can just use the memfd_create syscall.
 func CreateSharedMemFile(size int) (f *os.File, err error) {
 // The name is actually irrelevant and can even be the same for all such files.
- fd, err := unix.MemfdCreate("syz-shared-mem", 0)
+ fd, err := unix.MemfdCreate("syz-shared-mem", unix.MFD_CLOEXEC)
 if err != nil {
 err = fmt.Errorf("failed to do memfd_create: %v", err)
 return
-- 
cgit mrf-deployment
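Review bot: The new `unix.MFD_CLOEXEC` argument in `CreateSharedMemFile` has no comment, and the existing comment above the call only discusses the name, so the reason for the flag is recorded only in the commit message. A line above the call such as `// MFD_CLOEXEC: the fd must not be inherited by child processes that were not handed it explicitly.` would keep a later cleanup from turning the argument back into `0`. The comment could also say that the flag is set at creation on purpose, because setting it afterwards with a separate fcntl would leave a window in which a concurrent fork/exec could still inherit the descriptor. The body of `CreateSharedMemFile` continues past the end of the hunk, so the remaining error paths are not visible here.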