minor security issue: file descriptor leakage
Created by: vanhauser-thc
drrun is leaking a file descriptor to the run program:
bin64/drrun -c /prg/tmp/dynamorio/build/api/bin/libbbsize.so -- /bin/sleep 120
Client bbsize is running
/proc # ps auxw | grep sleep
root 18771 0.2 0.0 284756 3588 pts/0 S+ 02:24 0:00 /bin/sleep 120
root 18773 0.0 0.0 11284 932 pts/1 S+ 02:24 0:00 grep --color=auto sleep
nas /proc # cd 18771/fd
nas /proc/18771/fd # ls -al
total 0
dr-x------ 2 root root 0 Mar 16 02:24 .
dr-xr-xr-x 9 root root 0 Mar 16 02:24 ..
lrwx------ 1 root root 64 Mar 16 02:24 0 -> /dev/pts/0
lrwx------ 1 root root 64 Mar 16 02:24 1 -> /dev/pts/0
lrwx------ 1 root root 64 Mar 16 02:24 2 -> /dev/pts/0
lr-x------ 1 root root 64 Mar 16 02:24 3 -> /bin/sleep
A program could check if fd 3 is pointing to itself and then perform different functionality, e.g. in some malware analysis example.
open() should be performed with O_CLOEXEC, or the fd should get the flag set via fcntl.
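The two fixes named in the report, as an added C example (not DynamoRIO's code). `set_cloexec` is the fcntl route, and `count_inheritable_fds` is a hypothetical self-audit helper that walks `/proc/self/fd`, like the listing above, to count descriptors above stderr that an exec'd program would inherit. All function names and the use of `/dev/null` as the opened file are assumptions for illustration.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* fcntl route: mark an already-open descriptor close-on-exec. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Count descriptors above stderr that lack FD_CLOEXEC (would survive exec). */
int count_inheritable_fds(void) {
    DIR *d = opendir("/proc/self/fd");
    if (!d) return -1;
    int self = dirfd(d), n = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0' || fd <= 2 || fd == self) continue;
        int flags = fcntl((int)fd, F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC)) n++;
    }
    closedir(d);
    return n;
}

/* Open /dev/null (constructed stand-in for the target binary) and report
 * how many additional inheritable descriptors that open created. */
int inheritable_after_open(int extra_flags, int fix_with_fcntl) {
    int before = count_inheritable_fds();
    if (before < 0) return -1;
    int fd = open("/dev/null", O_RDONLY | extra_flags);
    if (fd < 0) return -1;
    if (fix_with_fcntl) set_cloexec(fd);
    int delta = count_inheritable_fds() - before;
    close(fd);
    return delta;
}

int main(void) {
    printf("plain open():        +%d inheritable\n", inheritable_after_open(0, 0));
    printf("open(O_CLOEXEC):     +%d inheritable\n", inheritable_after_open(O_CLOEXEC, 0));
    printf("open() + FD_CLOEXEC: +%d inheritable\n", inheritable_after_open(0, 1));
    return 0;
}
```

A launcher can call a check like `count_inheritable_fds()` just before `execve()` in a debug build and fail if the result is nonzero, which catches this class of leak in testing.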