Browse code
close more file descriptors on exec
Don't inherit the --status and --ifconfig-pool-persist, and on Linux
the epoll(7), file descriptors to scripts and other processes that
may be forked by plugins.
Signed-off-by: Heiko Hund <heiko.hund@sophos.com>
Acked-by: David Sommerseth <davids@redhat.com>
Message-Id: 1359728354-9405-1-git-send-email-heiko.hund@sophos.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/7312
Signed-off-by: David Sommerseth <davids@redhat.com>
Heiko Hund authored on 2013/02/01 23:19:14Showing 2 changed files
| ... | ... |
@@ -34,6 +34,7 @@ |
| 34 | 34 |
#include "error.h" |
| 35 | 35 |
#include "integer.h" |
| 36 | 36 |
#include "event.h" |
| 37 |
+#include "fdmisc.h" |
|
| 37 | 38 |
|
| 38 | 39 |
#include "memdbg.h" |
| 39 | 40 |
|
| ... | ... |
@@ -582,6 +583,8 @@ ep_init (int *maxevents, unsigned int flags) |
| 582 | 582 |
if (fd < 0) |
| 583 | 583 |
return NULL; |
| 584 | 584 |
|
| 585 |
+ set_cloexec (fd); |
|
| 586 |
+ |
|
| 585 | 587 |
ALLOC_OBJ_CLEAR (eps, struct ep_set); |
| 586 | 588 |
|
| 587 | 589 |
/* set dispatch functions */ |
| ... | ... |
@@ -33,6 +33,7 @@ |
| 33 | 33 |
#include "status.h" |
| 34 | 34 |
#include "perf.h" |
| 35 | 35 |
#include "misc.h" |
| 36 |
+#include "fdmisc.h" |
|
| 36 | 37 |
|
| 37 | 38 |
#include "memdbg.h" |
| 38 | 39 |
|
| ... | ... |
@@ -98,6 +99,7 @@ status_open (const char *filename, |
| 98 | 98 |
if (so->fd >= 0) |
| 99 | 99 |
{
|
| 100 | 100 |
so->filename = string_alloc (filename, NULL); |
| 101 |
+ set_cloexec (so->fd); |
|
| 101 | 102 |
|
| 102 | 103 |
/* allocate read buffer */ |
| 103 | 104 |
if (so->flags & STATUS_OUTPUT_READ) |