X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/5f16ca82ffcd4e3b916712e9760596949467a72d..e12f8c3248614077e92c7ba23386e1f36d570c8f:/src/src/daemon.c

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 2413eaea5..4ac34332b 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1,10 +1,8 @@
-/* $Cambridge: exim/src/src/daemon.c,v 1.25 2008/01/28 18:24:07 fanf2 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2007 */
+/* Copyright (c) University of Cambridge 1995 - 2009 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Functions concerned with running Exim as a daemon */
@@ -31,8 +29,8 @@ static smtp_slot empty_smtp_slot = { 0, NULL };
 *               Local static variables           *
 *************************************************/
 
-static volatile BOOL sigchld_seen;
-static volatile BOOL sighup_seen;
+static SIGNAL_BOOL sigchld_seen;
+static SIGNAL_BOOL sighup_seen;
 
 static int   accept_retry_count = 0;
 static int   accept_retry_errno;
@@ -425,6 +423,13 @@ if (pid == 0)
 
   for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
 
+  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+  to be able to communicate with them, under any circumstances. */
+  (void)fcntl(accept_socket, F_SETFD,
+              fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+  (void)fcntl(dup_accept_socket, F_SETFD,
+              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
   #ifdef SA_NOCLDWAIT
   act.sa_handler = SIG_IGN;
   sigemptyset(&(act.sa_mask));
@@ -1613,7 +1618,7 @@ for (;;)
   struct sockaddr_in accepted;
   #endif
 
-  EXIM_SOCKLEN_T len = sizeof(accepted);
+  EXIM_SOCKLEN_T len;
   pid_t pid;
 
   /* This code is placed first in the loop, so that it gets obeyed at the
@@ -1808,6 +1813,7 @@ for (;;)
           {
           if (FD_ISSET(listen_sockets[sk], &select_listen))
             {
+            len = sizeof(accepted);
             accept_socket = accept(listen_sockets[sk],
               (struct sockaddr *)&accepted, &len);
             FD_CLR(listen_sockets[sk], &select_listen);