TheArchive/iodine
1
0
Fork 0
mirror of https://github.com/yarrick/iodine.git synced 2025-10-17 08:41:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do not let sockets be inherited by sub-processes

Browse Source 
Set FD_CLOEXEC flag on tunnel and UDP file descriptors.
Fixes ticket #99, "should not allow UDP socket to be inherited by ifconfig"
This commit is contained in:
Erik Ekman
2014-06-04 17:40:36 +09:00
parent a23899513d
commit 3fadbfb580
4 changed files with 25 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/common.c
View File

@@ -189,6 +189,8 @@ open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
#ifndef WINDOWS32
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
fd_set_close_on_exec(fd);
#endif
#ifdef IP_OPT_DONT_FRAG
@@ -461,3 +463,19 @@ int recent_seqno(int ourseqno, int gotseqno)
}
return 0;
}
/* Set FD_CLOEXEC flag on file descriptor.
* This stops it from being inherited by system() calls.
*/
void
fd_set_close_on_exec(int fd)
{
int flags;
flags = fcntl(fd, F_GETFD);
if (flags == -1)
err(4, "Failed to get fd flags");
flags |= FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1)
err(4, "Failed to set fd flags");
}