Am 06.12.16 um 13:26 schrieb Gert Doering: > The existing code can leak socket FDs to the "--up" script, which is > not desired. Brought up by Alberto Gonzalez Iniesta, based on debian > bug 367716. > > Since different sockets get create at different times, just moving the > set_cloexec() to link_socket_init_phase1() is not good enough - so move > the call into create_socket_<family>(), so we will catch ALL socket > creations, no matter when or under which conditions they will be > created (SOCKS proxy socket, listening socket, ...).
Patch looks good. ACK from me. I also looked at the port-share code path but that part isn't touched by this commit. Arne ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
