From d08069699f404e6ee6e6e2d702b769f832e504cb Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Fri, 6 Sep 2024 08:34:32 +0200
Subject: [PATCH] openvpn|wireguard: close-on-exec

---
 src/opnsense/scripts/Wireguard/wg-service-control.php | 2 +-
 src/opnsense/scripts/openvpn/ovpn_service_control.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/opnsense/scripts/Wireguard/wg-service-control.php b/src/opnsense/scripts/Wireguard/wg-service-control.php
index bc9cf7a68..1d070811d 100755
--- a/src/opnsense/scripts/Wireguard/wg-service-control.php
+++ b/src/opnsense/scripts/Wireguard/wg-service-control.php
@@ -239,7 +239,7 @@ if (isset($opts['h']) || empty($args) || !in_array($args[0], ['start', 'stop', '
                 $carp_if_flag = 'down';
             }
             $server_devs[] = (string)$node->interface;
-            $statHandle = fopen($node->statFilename, "a+");
+            $statHandle = fopen($node->statFilename, 'a+e');
             if (flock($statHandle, LOCK_EX)) {
                 $ifdetails = legacy_interfaces_details((string)$node->interface);
                 switch ($action) {
diff --git a/src/opnsense/scripts/openvpn/ovpn_service_control.php b/src/opnsense/scripts/openvpn/ovpn_service_control.php
index f85e22455..512c45f45 100755
--- a/src/opnsense/scripts/openvpn/ovpn_service_control.php
+++ b/src/opnsense/scripts/openvpn/ovpn_service_control.php
@@ -159,7 +159,7 @@ if (isset($opts['h']) || empty($args) || !in_array($args[0], ['start', 'stop', '
             continue;
         }
         $instance_ids[] = $key;
-        $statHandle = fopen($node->statFilename, "a+");
+        $statHandle = fopen($node->statFilename, 'a+e');
         if (flock($statHandle, LOCK_EX)) {
             $instance_stats = ovpn_instance_stats($node, $statHandle);
             $destroy_if = !empty($instance_stats['dev_type']) && $instance_stats['dev_type'] != $node->dev_type;