From fbfd0ed5ab4436b27736dfe0b1b16de86ad7d5aa Mon Sep 17 00:00:00 2001
From: Gunnar Beutner <gbeutner@serenityos.org>
Date: Sun, 16 May 2021 11:57:17 +0200
Subject: [PATCH] LibCore: Open files with O_CLOEXEC by default

This changes Core::File::open() to specify O_CLOEXEC by default
so that we don't leak file descriptors into child processes. The
new behavior can be overriden by specifying OpenMode::KeepOnExec.
---
 Userland/Libraries/LibCore/File.cpp   | 2 ++
 Userland/Libraries/LibCore/IODevice.h | 1 +
 2 files changed, 3 insertions(+)

diff --git a/Userland/Libraries/LibCore/File.cpp b/Userland/Libraries/LibCore/File.cpp
index 39d8c93e66..d4ab87a7f1 100644
--- a/Userland/Libraries/LibCore/File.cpp
+++ b/Userland/Libraries/LibCore/File.cpp
@@ -79,6 +79,8 @@ bool File::open_impl(OpenMode mode, mode_t permissions)
         flags |= O_TRUNC;
     if (has_flag(mode, OpenMode::MustBeNew))
         flags |= O_EXCL;
+    if (!has_flag(mode, OpenMode::KeepOnExec))
+        flags |= O_CLOEXEC;
     int fd = ::open(m_filename.characters(), flags, permissions);
     if (fd < 0) {
         set_error(errno);
diff --git a/Userland/Libraries/LibCore/IODevice.h b/Userland/Libraries/LibCore/IODevice.h
index d625cf836e..a13f6ea996 100644
--- a/Userland/Libraries/LibCore/IODevice.h
+++ b/Userland/Libraries/LibCore/IODevice.h
@@ -42,6 +42,7 @@ enum class OpenMode : unsigned {
     Append = 4,
     Truncate = 8,
     MustBeNew = 16,
+    KeepOnExec = 32,
 };
 
 enum class SeekMode {