From: Stefan Sperling
Subject: Re: [PATCH portable] portable: build closefrom unconditionally
To: "Todd C. Miller"
Cc: Anna “CyberTailor”, gameoftrees@openbsd.org
Date: Thu, 9 Dec 2021 17:03:18 +0100

On Thu, Dec 09, 2021 at 08:49:19AM -0700, Todd C. Miller wrote:
> I think you should just not check the return value of closefrom().
> It is void on Solaris where it originated, OpenBSD is the outlier
> here because it is a syscall.

Fair enough. I will commit Anna's original patch then.

OpenBSD's closefrom(2) man page suggests that things could go wrong
by way of close(2) failures (such as EINTR). I cannot judge the impact
of such failures. I suppose an error could leave some files open which
should be closed before exec(), and leave such files exposed to the
child process? Could this be triggered deliberately by sending signals
to the process?

> Or you can just set the close-on-exec flag for all the fds you open
> and avoid closefrom() altogether.

Thanks for the hint! That seems better indeed. I will try to take a look
at this at some point. The more pressing issue right now is the build fix
for -portable.