* builds/unix/ftsystem.c (FT_New_Stream): added a fix to ensure that all FreeType input streams are closed in child processes of a "fork" on Unix systems. This is important to avoid (potential) access control issues..
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40
diff --git a/ChangeLog b/ChangeLog
index 7f68f47..b7c9014 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2002-01-03 Keith Packard <keithp@keithp.com>
+
+ * builds/unix/ftsystem.c (FT_New_Stream): added a fix to ensure that
+ all FreeType input streams are closed in child processes of a "fork"
+ on Unix systems. This is important to avoid (potential) access
+ control issues..
+
+
2002-01-03 David Turner <david@freetype.org>
* src/type1/t1objs.c (T1_Face_Init): fixed a bug that crashed the
diff --git a/builds/unix/ftsystem.c b/builds/unix/ftsystem.c
index d58c07c..c492be1 100644
--- a/builds/unix/ftsystem.c
+++ b/builds/unix/ftsystem.c
@@ -223,6 +223,19 @@
return FT_Err_Cannot_Open_Resource;
}
+ /* here, we ensure that a "fork" will _not_ duplicate */
+ /* our opened input streams on Unix. This is critical */
+ /* since it would avoid some (possible) access control */
+ /* issues and clean up the kernel file table a bit. */
+ /* */
+#ifdef F_SETFD
+# ifdef FD_CLOEXEC
+ ret = fcntl ( file, F_SETFD, FD_CLOEXEC);
+# else
+ ret = fcntl ( file, F_SETFD, 1);
+# endif /* FD_CLOEXEC */
+#endif /* F_SETFD */
+
if ( fstat( file, &stat_buf ) < 0 )
{
FT_ERROR(( "FT_New_Stream:" ));