Created attachment 431162
Patch that causes /var/log/slim.log to be set close-on-exec
x11-misc/slim maintains a log file in /var/log/slim.log. However, this log file is naively opened using a C++ fstream. Thus, the open file descriptor will be inherited by all graphical applications. This can be seen by using slim as the display manager, logging in and running:
    ls -lh /proc/$$/fd
which will show an additional file descriptor for /var/log/slim.log.
This is a security issue on one hand, because just about any child process of slim can now write to /var/log/slim.log. On the other hand it is very ugly to see this additional file descriptor and some tools like LVM complain when there are unexpected open file descriptors flying around.
Attached is a patch that will open the logfile with a libstdc++ proprietary stdio_filebuf and then set CLOEXEC on the corresponding file descriptor. The effect is then gone. However, the code will only continue to compile if a libstdc++ STL is around.
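
The approach described in the report, sketched as an added example (this is not the attached patch and not slim's own code): set FD_CLOEXEC on the log descriptor, layer a C++ stream on it through libstdc++'s stdio_filebuf, and check whether an exec'd child still sees the descriptor. The function names and the /tmp path are hypothetical, and the child check assumes a mounted /proc.

```cpp
#include <ext/stdio_filebuf.h>  // libstdc++-only extension, as the report notes
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>
#include <iostream>
#include <string>

// Open an append-mode log file; optionally set close-on-exec on the descriptor.
int open_log_fd(const char *path, bool cloexec) {
    int fd = ::open(path, O_WRONLY | O_APPEND | O_CREAT, 0600);
    if (fd < 0) return -1;
    int flags = ::fcntl(fd, F_GETFD);
    if (cloexec && (flags < 0 || ::fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0)) {
        ::close(fd); return -1;
    }
    return fd;
}

bool fd_has_cloexec(int fd) {
    int flags = ::fcntl(fd, F_GETFD);
    return flags >= 0 && (flags & FD_CLOEXEC) != 0;
}

// Fork and exec a shell that checks whether descriptor `fd` survived the exec.
bool child_sees_fd(int fd) {
    std::string cmd = "[ -L /proc/self/fd/" + std::to_string(fd) + " ]";
    pid_t pid = ::fork();
    if (pid < 0) return false;
    if (pid == 0) {
        ::execl("/bin/sh", "sh", "-c", cmd.c_str(), (char *)nullptr);
        ::_exit(127);  // exec failed
    }
    int status = 0;
    if (::waitpid(pid, &status, 0) < 0) return false;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

// C++ stream over an existing descriptor; the filebuf owns and closes the fd.
struct CloexecLog {
    __gnu_cxx::stdio_filebuf<char> buf;
    std::ostream out;
    explicit CloexecLog(int fd) : buf(fd, std::ios::out | std::ios::app), out(&buf) {}
};

int main() {
    CloexecLog log(open_log_fd("/tmp/slim-example.log", true));  // constructed path
    log.out << "started" << std::endl;
    std::cout << "cloexec=" << fd_has_cloexec(log.buf.fd()) << " inherited=" << child_sees_fd(log.buf.fd()) << "\n";
    return 0;
}
```

Passing `false` as the second argument to `open_log_fd` leaves the flag unset, which reproduces the inherited descriptor the report describes.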