Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.
authorDavid Woodhouse <David.Woodhouse@intel.com>
Sun, 12 Dec 2010 02:48:18 +0000 (02:48 +0000)
committerDavid Woodhouse <David.Woodhouse@intel.com>
Sun, 12 Dec 2010 02:52:20 +0000 (02:52 +0000)
doc/doc-txt/ChangeLog
src/src/daemon.c

index cf307014b1f3b41ac29a170fe4567af7d1d0d76c..624e0a8c70911f14f0e119a2d4122a7d3363f925 100644 (file)
@@ -89,6 +89,9 @@ DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
 DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
       files to be used while preserving root privileges.
 
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+      that rogue child processes cannot use them.
+
 
 Exim version 4.72
 -----------------
index 8e6d6673adf5f8e73539ba7fbc36f60e9a5c633d..3db9be374214e9e3f37b54af3e1c219c8c7f2cd1 100644 (file)
@@ -425,6 +425,13 @@ if (pid == 0)
 
   for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
 
+  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+  to be able to communicate with them, under any circumstances. */
+  (void)fcntl(accept_socket, F_SETFD,
+              fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+  (void)fcntl(dup_accept_socket, F_SETFD,
+              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
   #ifdef SA_NOCLDWAIT
   act.sa_handler = SIG_IGN;
   sigemptyset(&(act.sa_mask));
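Review bot: Both results of the added `fcntl()` calls are discarded, so if `F_GETFD` or `F_SETFD` fails on `accept_socket` or `dup_accept_socket` the descriptor stays inheritable across exec and nothing records that the hardening did not take effect. Consider reading the flags first and checking both steps, e.g. `int fl = fcntl(accept_socket, F_GETFD);` followed by `if (fl < 0 || fcntl(accept_socket, F_SETFD, fl | FD_CLOEXEC) < 0)` with a log entry in the failure branch, and the same for `dup_accept_socket`. The comment's "under any circumstances" also overstates the guarantee: `FD_CLOEXEC` closes the descriptor only when a process calls exec, so a child that forks without exec'ing still holds it. A wording such as `/* Close the SMTP sockets on exec so that programs run from this process do not inherit them. */` would match what the flag does. The enclosing `if (pid == 0)` block starts and ends outside this hunk, so whether later code relies on these descriptors surviving an exec cannot be checked from here.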