chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
pam_systemd: use F_DUPFD_CLOEXEC when dupping session fds
[elogind.git] / src / login / pam-module.c
diff --git a/src/login/pam-module.c b/src/login/pam-module.c
index 195d4d574e8605aa30402835e5232b51d1e5e20c..1259457efc5f43351a6cf2f826e8a228cdeb91cf 100644 (file)
--- a/src/login/pam-module.c
+++ b/src/login/pam-module.c
@@ -475,7 +475,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
         }
 
         if (session_fd >= 0) {
-                session_fd = dup(session_fd);
+                session_fd = fcntl(session_fd, F_DUPFD_CLOEXEC, 3);
                 if (session_fd < 0) {
                         pam_syslog(handle, LOG_ERR, "Failed to dup session fd: %m");
                         return PAM_SESSION_ERR;
@@ -484,7 +484,7 @@ _public_ PAM_EXTERN int pam_sm_open_session(
                 r = pam_set_data(handle, "systemd.session-fd", INT_TO_PTR(session_fd+1), NULL);
                 if (r != PAM_SUCCESS) {
                         pam_syslog(handle, LOG_ERR, "Failed to install session fd.");
-                        close_nointr_nofail(session_fd);
+                        safe_close(session_fd);
                         return r;
                 }
         }
Unnamed repository; edit this file 'description' to name the repository.