diff --git a/CHANGES b/CHANGES index 8328840..8b01248 100644 --- a/CHANGES +++ b/CHANGES @@ -37,6 +37,9 @@ Corrections: The FDs of the socketpair that queues messages from signal handlers lacked FD_CLOEXEC and thus leaked into EXEC and SYSTEM child processes. + Option stderr on addresses EXEC and SYSTEM uses a temporary FD. It + lacked the FD_CLOEXEC setting and thus leakt into child processes. + Features: VSOCK, VSOCK-L support options pf, socktype, prototype (currently useless) diff --git a/error.c b/error.c index a080ee2..f38abf1 100644 --- a/error.c +++ b/error.c @@ -472,6 +472,7 @@ int diag_dup(void) { return -1; } newfd = dup(fileno(diagopts.logfile)); + Fcntl_l(newfd, F_SETFD, FD_CLOEXEC); if (diagopts.logfile != stderr) { fclose(diagopts.logfile); }