DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-03 20:55:07 -05:00
Code Issues Packages Projects Releases Wiki Activity

socket: set close-on-exec on all reusable sockets

Browse Source 
Set the CLOEXEC flag on all reusable sockets in the initialization to
avoid leaking them to sendmail (mailonchange directive) in case the
chrony configuration doesn't use all sockets provided by systemd.
This commit is contained in:
Miroslav Lichvar
2023-11-20 13:25:27 +01:00
parent b6eec0068a
commit ee9d721b7b
1 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
socket.c
View File

@@ -268,9 +268,9 @@ static int
set_socket_flags(int sock_fd, int flags)
{
/* Close the socket automatically on exec */
if (
if (!SCK_IsReusable(sock_fd) &&
#ifdef SOCK_CLOEXEC
(SCK_IsReusable(sock_fd) || (supported_socket_flags & SOCK_CLOEXEC) == 0) &&
(supported_socket_flags & SOCK_CLOEXEC) == 0 &&
#endif
!UTI_FdSetCloexec(sock_fd))
return 0;
@@ -1295,6 +1295,8 @@ SCK_PreInitialise(void)
void
SCK_Initialise(int family)
{
int fd;
ip4_enabled = family == IPADDR_INET4 || family == IPADDR_UNSPEC;
#ifdef FEAT_IPV6
ip6_enabled = family == IPADDR_INET6 || family == IPADDR_UNSPEC;
@@ -1323,6 +1325,9 @@ SCK_Initialise(int family)
supported_socket_flags |= SOCK_NONBLOCK;
#endif
for (fd = first_reusable_fd; fd < first_reusable_fd + reusable_fds; fd++)
UTI_FdSetCloexec(fd);
initialised = 1;
}