author | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-12 02:48:18 +0000 |
---|---|---|
committer | David Woodhouse <David.Woodhouse@intel.com> | 2010-12-12 02:52:20 +0000 |
commit | fa32850be0d9e605da1b33305c122f7a59a24650 (patch) | |
tree | d32a7f5c6ea48158e30319c11b591fc24b61c25c /src | |
parent | 261dc43e32f6039781ca92535e56f5caaa68b809 (diff) |
Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.
Diffstat (limited to 'src')
-rw-r--r-- | src/src/daemon.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d6673a..3db9be374 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -425,6 +425,13 @@ if (pid == 0)
 for (i = 0; i < listen_socket_count; i++)
 (void)close(listen_sockets[i]);
+ /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+ to be able to communicate with them, under any circumstances. */
+ (void)fcntl(accept_socket, F_SETFD,
+ fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+ (void)fcntl(dup_accept_socket, F_SETFD,
+ fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
 #ifdef SA_NOCLDWAIT
 act.sa_handler = SIG_IGN;
 sigemptyset(&(act.sa_mask)); |
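Review bot: Both added `fcntl` calls discard their results, so if setting FD_CLOEXEC fails on `accept_socket` or `dup_accept_socket` the child carries on with descriptors that exec'd programs still inherit, which is exactly what the new comment says must not happen. The nested `fcntl(..., F_GETFD)` is also unchecked: on failure it returns -1, and `-1 | FD_CLOEXEC` is then passed to F_SETFD as the flag word. Consider reading the flags first and acting on failure, e.g. `int fl = fcntl(accept_socket, F_GETFD);` followed by `if (fl < 0 || fcntl(accept_socket, F_SETFD, fl | FD_CLOEXEC) < 0)` with a log entry, and the same for `dup_accept_socket`. The enclosing `if (pid == 0)` block starts and ends outside the hunk, so whether `dup_accept_socket` is always a valid descriptor at this point cannot be confirmed from this view.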