Do not let sockets be inherited by sub-processes
Set FD_CLOEXEC flag on tunnel and UDP file descriptors. Fixes ticket #99, "should not allow UDP socket to be inherited by ifconfig"
parent
a23899513d
commit
3fadbfb580
|
@ -23,6 +23,7 @@ master:
|
|||
- A number of minor patches from Frank Denis, Gregor Herrmann and
|
||||
Barak A. Pearlmutter.
|
||||
- Testcase compilation fixes for OS X and FreeBSD
|
||||
- Do not let sockets be inherited by sub-processes, fixes #99.
|
||||
|
||||
2010-02-06: 0.6.0-rc1 "Hotspotify"
|
||||
- Fixed tunnel not working on Windows.
|
||||
|
|
18
src/common.c
18
src/common.c
|
@ -189,6 +189,8 @@ open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
|
|||
#ifndef WINDOWS32
|
||||
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
|
||||
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
|
||||
|
||||
fd_set_close_on_exec(fd);
|
||||
#endif
|
||||
|
||||
#ifdef IP_OPT_DONT_FRAG
|
||||
|
@ -461,3 +463,19 @@ int recent_seqno(int ourseqno, int gotseqno)
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
/* Set FD_CLOEXEC flag on file descriptor.
|
||||
* This stops it from being inherited by system() calls.
|
||||
*/
|
||||
void
|
||||
fd_set_close_on_exec(int fd)
|
||||
{
|
||||
int flags;
|
||||
|
||||
flags = fcntl(fd, F_GETFD);
|
||||
if (flags == -1)
|
||||
err(4, "Failed to get fd flags");
|
||||
flags |= FD_CLOEXEC;
|
||||
if (fcntl(fd, F_SETFD, flags) == -1)
|
||||
err(4, "Failed to set fd flags");
|
||||
}
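Review bot: The comment above fd_set_close_on_exec says the flag stops inheritance by system() calls, which misstates what FD_CLOEXEC does: the descriptor is closed in any child at exec time, while a child that forks without exec still shares it. I would reword it to `/* Set FD_CLOEXEC so fd is closed in any exec'ed child (system(), exec*); a plain fork() still shares it. */` and add that the helper calls err(4, ...) on failure, which normally terminates the process rather than returning. Separately, the call added in open_dns sits inside `#ifndef WINDOWS32`, so this change does not cover Windows builds. Whether the UDP socket handle can be inherited by child processes there is worth confirming.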
|
||||
|
|
|
@ -136,4 +136,6 @@ void warnx(const char *fmt, ...);
|
|||
|
||||
int recent_seqno(int , int);
|
||||
|
||||
void fd_set_close_on_exec(int fd);
|
||||
|
||||
#endif
|
||||
|
|
|
@ -98,6 +98,7 @@ open_tun(const char *tun_device)
|
|||
|
||||
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
||||
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
||||
fd_set_close_on_exec(tun_fd);
|
||||
return tun_fd;
|
||||
}
|
||||
|
||||
|
@ -112,6 +113,7 @@ open_tun(const char *tun_device)
|
|||
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
||||
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
||||
snprintf(if_name, sizeof(if_name), "dns%d", i);
|
||||
fd_set_close_on_exec(tun_fd);
|
||||
return tun_fd;
|
||||
}
|
||||
|
||||
|
@ -147,6 +149,7 @@ open_tun(const char *tun_device)
|
|||
}
|
||||
|
||||
fprintf(stderr, "Opened %s\n", tun_name);
|
||||
fd_set_close_on_exec(tun_fd);
|
||||
return tun_fd;
|
||||
} else {
|
||||
for (i = 0; i < TUN_MAX_TRY; i++) {
|
||||
|
@ -155,6 +158,7 @@ open_tun(const char *tun_device)
|
|||
if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
|
||||
fprintf(stderr, "Opened %s\n", tun_name);
|
||||
snprintf(if_name, sizeof(if_name), "tun%d", i);
|
||||
fd_set_close_on_exec(tun_fd);
|
||||
return tun_fd;
|
||||
}
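Review bot: The same `fd_set_close_on_exec(tun_fd);` call is repeated before each of the four `return tun_fd;` sites in open_tun (hunks at -98, -112, -147 and -155), so a return path added later can silently leave the tunnel descriptor inheritable. Setting the flag once in the caller right after open_tun() succeeds would cover every path. Alternatively, passing `O_CLOEXEC` at creation where the platform defines it, e.g. `open(tun_name, O_RDWR | O_CLOEXEC)`, would also close the short window between open() and fcntl(). open_tun's body extends beyond these hunks, so any return paths not shown here should be checked for the same call.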
|
||||
|
||||
|
|