From: Alberto Gonzalez Iniesta <a...@inittab.org> This patch sets FD_CLOEXEC in socket initialization BEFORE running the 'up script' to avoid passing fds to the scripts, which broke things like quagga.
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367716> Signed-off-by: David Sommerseth <d...@users.sourceforge.net> --- socket.c | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/socket.c b/socket.c index 62bf881..50a72b9 100644 --- a/socket.c +++ b/socket.c @@ -1293,6 +1293,10 @@ link_socket_init_phase1 (struct link_socket *sock, resolve_bind_local (sock); resolve_remote (sock, 1, NULL, NULL); } + + /* set socket file descriptor to not pass across execs, so that + scripts don't have access to it */ + set_cloexec (sock->sd); } /* finalize socket initialization */ @@ -1501,10 +1505,6 @@ link_socket_init_phase2 (struct link_socket *sock, /* set socket to non-blocking mode */ set_nonblock (sock->sd); - /* set socket file descriptor to not pass across execs, so that - scripts don't have access to it */ - set_cloexec (sock->sd); - #ifdef ENABLE_SOCKS if (socket_defined (sock->ctrl_sd)) set_cloexec (sock->ctrl_sd); -- 1.6.6.1
