summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-txt/ChangeLog3
-rw-r--r--src/src/daemon.c7
2 files changed, 10 insertions, 0 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index cf307014b..624e0a8c7 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -89,6 +89,9 @@ DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
files to be used while preserving root privileges.
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+
Exim version 4.72
-----------------
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d6673a..3db9be374 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -425,6 +425,13 @@ if (pid == 0)
for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
+ /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+ to be able to communicate with them, under any circumstances. */
+ (void)fcntl(accept_socket, F_SETFD,
+ fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+ (void)fcntl(dup_accept_socket, F_SETFD,
+ fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
#ifdef SA_NOCLDWAIT
act.sa_handler = SIG_IGN;
sigemptyset(&(act.sa_mask));