Minor robustness fixes for debugging.

[exim.git] / src / src / daemon.c

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d6673adf5f8e73539ba7fbc36f60e9a5c633d..c11e2ed0a3d81b40b8bdeedf1e49164f5e683978 100644 (file)
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -31,8 +31,8 @@ static smtp_slot empty_smtp_slot = { 0, NULL };
 *               Local static variables           *
 *************************************************/
 
-static volatile BOOL sigchld_seen;
-static volatile BOOL sighup_seen;
+static SIGNAL_BOOL sigchld_seen;
+static SIGNAL_BOOL sighup_seen;
 
 static int   accept_retry_count = 0;
 static int   accept_retry_errno;
@@ -425,6 +425,13 @@ if (pid == 0)
 
   for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
 
+  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+  to be able to communicate with them, under any circumstances. */
+  (void)fcntl(accept_socket, F_SETFD,
+              fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+  (void)fcntl(dup_accept_socket, F_SETFD,
+              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
   #ifdef SA_NOCLDWAIT
   act.sa_handler = SIG_IGN;
   sigemptyset(&(act.sa_mask));