[dart:io] Don't leak /dev/urandom fd on fork.
Change-Id: I90ff8585408078e12bf732f6669cf3f9d149495a
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/102205
Reviewed-by: Jonas Termansen <sortie@google.com>
Commit-Queue: Ryan Macnak <rmacnak@google.com>
diff --git a/runtime/bin/crypto_android.cc b/runtime/bin/crypto_android.cc
index 6af505f..6db66eb 100644
--- a/runtime/bin/crypto_android.cc
+++ b/runtime/bin/crypto_android.cc
@@ -17,8 +17,8 @@
bool Crypto::GetRandomBytes(intptr_t count, uint8_t* buffer) {
ThreadSignalBlocker signal_blocker(SIGPROF);
- intptr_t fd =
- TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(open("/dev/urandom", O_RDONLY));
+ intptr_t fd = TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(
+ open("/dev/urandom", O_RDONLY | O_CLOEXEC));
if (fd < 0) {
return false;
}
diff --git a/runtime/bin/crypto_linux.cc b/runtime/bin/crypto_linux.cc
index 9a14ee3..d3af9e0 100644
--- a/runtime/bin/crypto_linux.cc
+++ b/runtime/bin/crypto_linux.cc
@@ -17,8 +17,8 @@
bool Crypto::GetRandomBytes(intptr_t count, uint8_t* buffer) {
ThreadSignalBlocker signal_blocker(SIGPROF);
- intptr_t fd =
- TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(open("/dev/urandom", O_RDONLY));
+ intptr_t fd = TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(
+ open("/dev/urandom", O_RDONLY | O_CLOEXEC));
if (fd < 0) {
return false;
}
diff --git a/runtime/bin/crypto_macos.cc b/runtime/bin/crypto_macos.cc
index 5d0690e..e5bf130 100644
--- a/runtime/bin/crypto_macos.cc
+++ b/runtime/bin/crypto_macos.cc
@@ -17,8 +17,8 @@
bool Crypto::GetRandomBytes(intptr_t count, uint8_t* buffer) {
ThreadSignalBlocker signal_blocker(SIGPROF);
- intptr_t fd =
- TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(open("/dev/urandom", O_RDONLY));
+ intptr_t fd = TEMP_FAILURE_RETRY_NO_SIGNAL_BLOCKER(
+ open("/dev/urandom", O_RDONLY | O_CLOEXEC));
if (fd < 0) {
return false;
}