From 5c63b463b87d3c06102a4a7f05f395929d9ea79b Mon Sep 17 00:00:00 2001
From: DJ Delorie
Date: Wed, 2 Dec 2020 16:14:27 -0500
Subject: [PATCH] Use memfd_create() (#604)
memfd_create creates a file in a memory-only filesystem that may bypass strict security protocols in filesystem-based temporary files.
---
 configure.ac | 3 +++
 src/closures.c | 17 +++++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/configure.ac b/configure.ac
index 790274e..093b87d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -63,6 +63,9 @@ EOF
 AM_MAINTAINER_MODE
+AC_CHECK_HEADERS(sys/memfd.h)
+AC_CHECK_FUNCS([memfd_create])
+
 AC_CHECK_HEADERS(sys/mman.h)
 AC_CHECK_FUNCS([mmap mkostemp])
 AC_FUNC_MMAP_BLACKLIST
diff --git a/src/closures.c b/src/closures.c
index 4fe6158..dfc2f68 100644
--- a/src/closures.c
+++ b/src/closures.c
@@ -45,6 +45,9 @@
 #include
 #include
+#ifdef HAVE_SYS_MEMFD_H
+#include
+#endif
 static const size_t overhead = (sizeof(max_align_t) > sizeof(void *) + sizeof(size_t)) ?
@@ -544,6 +547,17 @@ static int execfd = -1;
 /* The amount of space already allocated from the temporary file. */
 static size_t execsize = 0;
+#ifdef HAVE_MEMFD_CREATE
+/* Open a temporary file name, and immediately unlink it. */
+static int
+open_temp_exec_file_memfd (const char *name)
+{
+ int fd;
+ fd = memfd_create (name, MFD_CLOEXEC);
+ return fd;
+}
+#endif
+
 /* Open a temporary file name, and immediately unlink it. */
 static int
 open_temp_exec_file_name (char *name, int flags)
@@ -671,6 +685,9 @@ static struct
 const char *arg;
 int repeat;
 } open_temp_exec_file_opts[] = {
+#ifdef HAVE_MEMFD_CREATE
+ { open_temp_exec_file_memfd, "libffi", 0 },
+#endif
 { open_temp_exec_file_env, "TMPDIR", 0 },
 { open_temp_exec_file_dir, "/tmp", 0 },
 { open_temp_exec_file_dir, "/var/tmp", 0 },
--
2.34.1
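Review bot: `AC_CHECK_FUNCS([memfd_create])` in the configure.ac hunk only proves that the symbol links, so `HAVE_MEMFD_CREATE` can be defined on a system where src/closures.c sees neither a prototype nor `MFD_CLOEXEC`. The C side includes `sys/memfd.h` only when that header exists and otherwise relies on whatever the already-included headers expose, which on some C libraries presumably depends on a feature-test macro; whether closures.c defines one is not visible in this patch. Guarding the new code with `#if defined(HAVE_MEMFD_CREATE) && defined(MFD_CLOEXEC)` would turn that case into a clean fallback to the file-based options instead of a build failure or an implicit declaration.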
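Review bot: The comment above `open_temp_exec_file_memfd` in the `@@ -544,6 +547,17 @@` hunk was copied from `open_temp_exec_file_name` and does not describe the new function, since `memfd_create` takes a label rather than a path and nothing is opened on disk or unlinked. Because this descriptor backs executable closure memory, the comment should state the property that differs, for example `/* Create an anonymous memory-backed file; NAME is only a label. No filesystem path exists, so mount options such as noexec on the temp directories do not apply. */`. The local `fd` adds nothing, and `return memfd_create (name, MFD_CLOEXEC);` would be enough.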
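Review bot: Putting the memfd entry first in `open_temp_exec_file_opts[]` means `TMPDIR` and the directory entries are consulted only when `memfd_create` fails, so a host that restricts executable temporary files through mount policy no longer constrains libffi's closure memory. That matches the commit message, but it deserves a comment at the entry, e.g. `/* Tried first: needs no writable, executable filesystem and takes precedence over TMPDIR. */`. The code that walks this table is outside the hunk, so it is unclear whether a descriptor that is created but later refused an executable mapping falls through to the next entry; that path should be confirmed. For anyone auditing a process, the fixed label should make these mappings recognisable as `memfd:libffi` in its `/proc` maps.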