path: root/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst
Diffstat (limited to 'clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst')
-rw-r--r-- clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst | 24
1 files changed, 24 insertions, 0 deletions
diff --git a/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst b/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst
new file mode 100644
index 00000000000..ee3e4b5b412
--- /dev/null
+++ b/clang-tools-extra/docs/clang-tidy/checks/android-cloexec-open.rst
@@ -0,0 +1,24 @@
+.. title:: clang-tidy - android-cloexec-open
+
+android-cloexec-open
+====================
+
+A common source of security bugs is code that opens a file without using the
+``O_CLOEXEC`` flag. Without that flag, an opened sensitive file would remain
+open across a fork+exec to a lower-privileged SELinux domain, leaking that
+sensitive data. Open-like functions including ``open()``, ``openat()``, and
+``open64()`` should include ``O_CLOEXEC`` in their flags argument.
+
+Examples:
+
+.. code-block:: c++
+
+ open("filename", O_RDWR);
+ open64("filename", O_RDWR);
+ openat(0, "filename", O_RDWR);
+
+ // becomes
+
+ open("filename", O_RDWR | O_CLOEXEC);
+ open64("filename", O_RDWR | O_CLOEXEC);
+ openat(0, "filename", O_RDWR | O_CLOEXEC);
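Review bot: In the Examples block, `openat(0, "filename", O_RDWR)` passes 0 as the directory fd, which normally refers to stdin and makes the call look like a copy of the `open()` line rather than a realistic use; `AT_FDCWD` would be the conventional value in both the before and after lines. The prose says these calls "should include" `O_CLOEXEC` while the example says "// becomes", so the page does not make clear whether the check only warns or also offers a fix-it; one sentence stating which would settle it. Putting the before and after calls in one `code-block` separated by a comment also makes it harder to see which lines are flagged, so two blocks (or a comment on each flagged line) would read better.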