Hi,

On Tue, Oct 21, 2025 at 06:11:06PM +0000, Joshua Rogers via Openvpn-devel wrote:
> The accept path calls set_cloexec(sd) after accept(). That re-flags the
> listening socket, which is already CLOEXEC from create_socket_tcp(), and
> leaves new_sd inheritable. As a result, client-connect and auth scripts
> spawned after accept can inherit the connected socket and read or write
> the raw TCP stream. This defeats the stated intent to prevent scripts from
> accessing the client socket.

Impressive find.  I had to actually look at the code to see what
you are talking about :-)

So we do 

        new_sd = accept(sd, &act->dest.addr.sa, &remote_len);

and then

        /* set socket file descriptor to not pass across execs, so that
         * scripts don't have access to it */
        set_cloexec(sd);

    return new_sd;

which very clearly is not intended behaviour.

So,

Acked-by: [email protected]

will deal with it "as soon as possible" which will take a few days.

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             [email protected]
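As an added illustration (not OpenVPN's code and not from this thread), the C below stands a socketpair in for the listening socket and the fd returned by accept(), then checks with fcntl(F_GETFD) which descriptor actually carries FD_CLOEXEC after the misplaced call versus the intended one; set_cloexec_fd, fd_is_cloexec and accepted_fd_is_inheritable are hypothetical names.

```c
/* Added example: reproduces the accept-path mistake discussed above with a
 * socketpair instead of a real listener, and inspects FD_CLOEXEC via fcntl.
 * Helper names are hypothetical, not OpenVPN's. */
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same effect as a set_cloexec() helper: mark one fd close-on-exec. */
static int set_cloexec_fd(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Returns 1 if fd is close-on-exec, 0 if it would survive an exec, -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Simulates the accept path. With buggy != 0 the listener is flagged again
 * (as in the original code); otherwise the accepted socket is flagged.
 * Returns 1 if the accepted-side fd stays inheritable by child processes,
 * 0 if it is close-on-exec, -1 on error. */
int accepted_fd_is_inheritable(int buggy)
{
    int pair[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, pair) < 0) return -1;
    int sd = pair[0];      /* stands in for the listening socket */
    int new_sd = pair[1];  /* stands in for what accept() returned */
    set_cloexec_fd(sd);    /* listener already CLOEXEC from creation */

    if (buggy)
        set_cloexec_fd(sd);      /* re-flags the listener; new_sd untouched */
    else
        set_cloexec_fd(new_sd);  /* the fix: flag the connected socket */

    int inheritable = (fd_is_cloexec(new_sd) == 0);
    close(sd);
    close(new_sd);
    return inheritable;
}
```

On Linux, accept4() with SOCK_CLOEXEC sets the flag atomically at accept time, closing the window between accept() and the fcntl() call.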


