Package: ion3-mod-ionflux
Version: 20050428-7
Followup-For: Bug #329201
Okay, it seems I forgot half of the thing. The attached patch fully
eliminates inherited sockets. The two patches have been sent to the
upstream repository and a new package will be uploaded upon their
inclusion (should not take long).
Demonstrative output:
--------------------
~ ls -l /proc/self/fd
insgesamt 4
lrwx------ 1 rvb rvb 64 2005-09-21 15:18 0 -> /dev/pts/7
lrwx------ 1 rvb rvb 64 2005-09-21 15:18 1 -> /dev/pts/7
lrwx------ 1 rvb rvb 64 2005-09-21 15:18 2 -> /dev/pts/7
No sockets anymore.
René
Wed Sep 21 15:14:17 CEST 2005 René van Bevern <[EMAIL PROTECTED]>
* set close-on-exec for listening socket also.
This now _really_ prevents executed applications from inheriting both
the connection file descriptor and the listening socket file
descriptor.
diff -rN -u old-ion3-mod-ionflux/mod_ionflux/mod_ionflux.c
new-ion3-mod-ionflux/mod_ionflux/mod_ionflux.c
--- old-ion3-mod-ionflux/mod_ionflux/mod_ionflux.c 2005-09-21
15:16:04.000000000 +0200
+++ new-ion3-mod-ionflux/mod_ionflux/mod_ionflux.c 2005-09-21
15:11:16.000000000 +0200
@@ -230,6 +230,14 @@
addr.sun_family=AF_UNIX;
strcpy(addr.sun_path, listenfile);
+ {
+ int fl=fcntl(listenfd, F_GETFD);
+ if(fl!=-1)
+ fl=fcntl(listenfd, F_SETFD, fl|FD_CLOEXEC);
+ if(fl==-1)
+ goto errwarn;
+ }
+
if(bind(listenfd, (struct sockaddr*) &addr,
strlen(addr.sun_path)+sizeof(addr.sun_family))<0){
goto errwarn;
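Review bot: the F_GETFD/F_SETFD pair added at the top of this hunk is not atomic with the creation of listenfd, so if anything in the process forks and execs between the point where the descriptor comes into existence and this fcntl() call, the child still inherits the listening socket; on kernels that support it, passing SOCK_CLOEXEC in the type argument of socket() sets the flag at creation and closes that window, with this fcntl() sequence kept as the fallback for older systems. Minor style point: the two tests can fold into one line so the block reads `if(fl==-1 || fcntl(listenfd, F_SETFD, fl|FD_CLOEXEC)==-1) goto errwarn;`, which also makes it obvious that a failed F_GETFD and a failed F_SETFD take the same error path.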
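To show what the close-on-exec fix actually buys and how to verify it, here is a stand-alone C program that is an added example, not code from the ion3 or mod_ionflux sources. It repeats the patch's fcntl() logic in a helper, checks the flag with F_GETFD, and then proves the behaviour end to end by exec()ing /bin/sh and asking it whether the descriptor is still open. The function names (set_cloexec, has_cloexec, fd_survives_exec, demo_cloexec) are my own, and the socket pair stands in for the module's listening socket and accepted connection; the /dev/fd/N lookup assumes Linux or a BSD.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Same logic as the patch: read the descriptor flags, OR in FD_CLOEXEC,
 * write them back. Returns 0 on success, -1 (errno set by fcntl) on failure. */
int set_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    if (fl == -1)
        return -1;
    return fcntl(fd, F_SETFD, fl | FD_CLOEXEC) == -1 ? -1 : 0;
}

/* Verification helper: 1 if FD_CLOEXEC is set, 0 if not, -1 if fd is invalid. */
int has_cloexec(int fd)
{
    int fl = fcntl(fd, F_GETFD);
    if (fl == -1)
        return -1;
    return (fl & FD_CLOEXEC) ? 1 : 0;
}

/* Behavioural check: fork, exec /bin/sh and ask it whether descriptor fd is
 * still open there (via /dev/fd/N, present on Linux and the BSDs).
 * Returns 1 if the exec()ed child still sees the fd, 0 if it was closed,
 * -1 on fork/exec/wait failure. */
int fd_survives_exec(int fd)
{
    char num[16];
    int status;
    pid_t pid;

    snprintf(num, sizeof num, "%d", fd);
    pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", "test -e \"/dev/fd/$1\"", "sh", num, (char *)0);
        _exit(127);                     /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0 ? 1 : 0;
}

/* Walk through the leak and the fix on a constructed AF_UNIX socket pair.
 * Returns 1 when a fresh socket lacks the flag and set_cloexec() adds it,
 * 0 if either observation is wrong, -1 if the pair could not be created. */
int demo_cloexec(void)
{
    int sv[2], before, rc, after;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return -1;
    before = has_cloexec(sv[0]);        /* fresh socket: inherited across exec */
    rc = set_cloexec(sv[0]);
    after = has_cloexec(sv[0]);         /* now: closed by exec() */
    close(sv[0]);
    close(sv[1]);
    return (before == 0 && rc == 0 && after == 1) ? 1 : 0;
}

int main(void)
{
    int sv[2];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) {
        perror("socketpair");
        return 1;
    }
    printf("flag check: %s\n", demo_cloexec() == 1 ? "ok" : "FAILED");
    printf("before set_cloexec: child sees fd %d? %d\n", sv[0], fd_survives_exec(sv[0]));
    if (set_cloexec(sv[0]) == -1)
        perror("fcntl");
    printf("after  set_cloexec: child sees fd %d? %d\n", sv[0], fd_survives_exec(sv[0]));
    close(sv[0]);
    close(sv[1]);
    return 0;
}
```

The fd_survives_exec() run is the same observation as the `ls -l /proc/self/fd` output above, just made from inside a program: before the flag is set the child answers 1, afterwards 0. In the module the flag has to go on both the listening socket and every descriptor returned by accept(), since each is a separate open file that exec() would otherwise carry into the launched application.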