From: Heiko Hund Date: Fri, 1 Feb 2013 14:19:14 +0000 (+0100) Subject: close more file descriptors on exec X-Git-Tag: v2.4_alpha1~613 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09ee4192b1d16bbd7c3c138cc2d46760a11797bf;p=thirdparty%2Fopenvpn.git close more file descriptors on exec Don't inherit the --status and --ifconfig-pool-persist, and on Linux the epoll(7), file descriptors to scripts and other processes that may be forked by plugins. Signed-off-by: Heiko Hund Acked-by: David Sommerseth Message-Id: 1359728354-9405-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/7312 Signed-off-by: David Sommerseth
---
diff --git a/src/openvpn/event.c b/src/openvpn/event.c
index 2a13e1cfc..34a3c451f 100644
--- a/src/openvpn/event.c
+++ b/src/openvpn/event.c
@@ -34,6 +34,7 @@
 #include "error.h"
 #include "integer.h"
 #include "event.h"
+#include "fdmisc.h"
 #include "memdbg.h"
@@ -582,6 +583,8 @@ ep_init (int *maxevents, unsigned int flags)
 if (fd < 0) return NULL;
+ set_cloexec (fd);
+
 ALLOC_OBJ_CLEAR (eps, struct ep_set); /* set dispatch functions */
diff --git a/src/openvpn/status.c b/src/openvpn/status.c
index 5f9ab9eed..b7ff48434 100644
--- a/src/openvpn/status.c
+++ b/src/openvpn/status.c
@@ -33,6 +34,7 @@
 #include "status.h"
 #include "perf.h"
 #include "misc.h"
+#include "fdmisc.h"
 #include "memdbg.h"
@@ -98,6 +99,7 @@ status_open (const char *filename,
 if (so->fd >= 0) { so->filename = string_alloc (filename, NULL);
+ set_cloexec (so->fd);
 /* allocate read buffer */ if (so->flags & STATUS_OUTPUT_READ)
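Review bot: In the ep_init hunk, `set_cloexec (fd);` marks the epoll descriptor close-on-exec only after it has been created, so a fork/exec from another thread in the gap between creation and this call (the commit message mentions processes forked by plugins) would still inherit it; the same applies to `set_cloexec (so->fd);` in the status_open hunk. Both functions start and end outside their hunks and the creating calls are not visible, so the size of that gap is inferred rather than read from the diff. Where the platform provides them, requesting the flag atomically at creation, with `epoll_create1 (EPOLL_CLOEXEC)` and `O_CLOEXEC` in the open flags, closes the gap, with `set_cloexec` kept as the fallback for older systems. A one-line comment at each call, e.g. `/* don't leak this fd to scripts or plugin child processes */`, would record why the call is there.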