On Wed, Nov 23, 2016 at 07:43:21PM +0100, Gert Doering wrote: > Hi, > > On Wed, Nov 23, 2016 at 11:20:18AM +0100, Gert Doering wrote: > > The existing code can leak socket FDs to the "--up" script, which is > > not desired. Brought up by Alberto Gonzalez Iniesta, based on debian > > bug 367716. > > I'm not sure if that patch is good enough yet. > > Arne brought up "port-share" - where we fork processes, so it needs to > be ensured that whatever that process needs is still working. > > In addition to that, we have "TCP server" processes, which create new > sockets not by calling socket() but by calling accept() on the listening > socket, which is not in one of thew set_cloexec() paths - but watch out, > *these* might be the ones needed for port-share. > > gert
Hi, The patch, after being adjusted to the new source, is not working anymore: Mon Dec 5 19:39:34 2016 Set FD_CLOEXEC flag on file descriptor failed: Bad file descriptor (errno=9) Mon Dec 5 19:39:34 2016 Set FD_CLOEXEC flag on file descriptor failed: Bad file descriptor (errno=9) Mon Dec 5 19:39:34 2016 Exiting due to fatal error Mon Dec 5 19:39:34 2016 Exiting due to fatal error FAIL: t_cltsrv.sh ==================================================== 1 of 2 tests failed (1 test was not run) Please report to openvpn-us...@lists.sourceforge.net ==================================================== So I guess Debian's bug #367716 [1] will come back from the dead :-( with 2.4. Regards, Alberto [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367716 -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55 ------------------------------------------------------------------------------ _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
