Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.

[exim.git] / src / src / daemon.c

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 2413eaea5248f933b66c82b3eee669a156fbf61a..3db9be374214e9e3f37b54af3e1c219c8c7f2cd1 100644 (file)
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1,10 +1,10 @@
-/* $Cambridge: exim/src/src/daemon.c,v 1.25 2008/01/28 18:24:07 fanf2 Exp $ */
+/* $Cambridge: exim/src/src/daemon.c,v 1.27 2009/11/16 19:50:36 nm4 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2007 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions concerned with running Exim as a daemon */
@@ -425,6 +425,13 @@ if (pid == 0)
 
   for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
 
+  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+  to be able to communicate with them, under any circumstances. */
+  (void)fcntl(accept_socket, F_SETFD,
+              fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+  (void)fcntl(dup_accept_socket, F_SETFD,
+              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
   #ifdef SA_NOCLDWAIT
   act.sa_handler = SIG_IGN;
   sigemptyset(&(act.sa_mask));
@@ -1613,7 +1620,7 @@ for (;;)
   struct sockaddr_in accepted;
   #endif
 
-  EXIM_SOCKLEN_T len = sizeof(accepted);
+  EXIM_SOCKLEN_T len;
   pid_t pid;
 
   /* This code is placed first in the loop, so that it gets obeyed at the
@@ -1808,6 +1815,7 @@ for (;;)
           {
           if (FD_ISSET(listen_sockets[sk], &select_listen))
             {
+            len = sizeof(accepted);
             accept_socket = accept(listen_sockets[sk],
               (struct sockaddr *)&accepted, &len);
             FD_CLR(listen_sockets[sk], &select_listen);