From b3dde9a009a5f541b356cc395b886e3576def57d Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Mon, 12 Jun 2023 12:25:54 +0200 Subject: [PATCH] Option stderr leaked a temporary FD into child process --- CHANGES | 3 +++ error.c | 1 + 2 files changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 8328840..8b01248 100644 --- a/CHANGES +++ b/CHANGES @@ -37,6 +37,9 @@ Corrections: The FDs of the socketpair that queues messages from signal handlers lacked FD_CLOEXEC and thus leaked into EXEC and SYSTEM child processes. + Option stderr on addresses EXEC and SYSTEM uses a temporary FD. It + lacked the FD_CLOEXEC setting and thus leakt into child processes. + Features: VSOCK, VSOCK-L support options pf, socktype, prototype (currently useless) diff --git a/error.c b/error.c index a080ee2..f38abf1 100644 --- a/error.c +++ b/error.c @@ -472,6 +472,7 @@ int diag_dup(void) { return -1; } newfd = dup(fileno(diagopts.logfile)); + Fcntl_l(newfd, F_SETFD, FD_CLOEXEC); if (diagopts.logfile != stderr) { fclose(diagopts.logfile); }