From 31a2b976fc03ae08f08809aa702361c420292e44 Mon Sep 17 00:00:00 2001
From: Matt Domsch
Date: Oct 29 2008 15:57:26 +0000
Subject: close file descriptors on exec (BZ#467381)
---
diff --git a/aiccu-cloexec.patch b/aiccu-cloexec.patch
new file mode 100644
index 0000000..c61e6be
--- /dev/null
+++ b/aiccu-cloexec.patch
@@ -0,0 +1,59 @@
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal aiccu.orig/common/common.c aiccu/common/common.c
+--- aiccu.orig/common/common.c 2008-10-17 18:43:13.000000000 -0500
++++ aiccu/common/common.c 2008-10-17 22:11:52.000000000 -0500
+@@ -365,6 +365,7 @@ TLSSOCKET connect_client(const char *hos
+ {
+ sock->socket = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (sock->socket == -1) continue;
++ fcntl(sock->socket, F_SETFD, FD_CLOEXEC);
+ if (connect(sock->socket, res->ai_addr, (unsigned int)res->ai_addrlen) == 0) break;
+ closesocket(sock->socket);
+ sock->socket = -1;
+@@ -428,6 +429,7 @@ TLSSOCKET listen_server(const char *desc
+ sock->socket = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
+ if (!(sock->socket < 0))
+ {
++ fcntl(sock->socket, F_SETFD, FD_CLOEXEC);
+ setsockopt(sock->socket, SOL_SOCKET, SO_REUSEADDR, (const char *)&on, sizeof(on));
+ if (bind(sock->socket, res->ai_addr, (unsigned int)res->ai_addrlen) == 0) break;
+ closesocket(sock->socket);
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal aiccu.orig/common/heartbeat.c aiccu/common/heartbeat.c
+--- aiccu.orig/common/heartbeat.c 2008-10-17 18:43:13.000000000 -0500
++++ aiccu/common/heartbeat.c 2008-10-17 22:12:51.000000000 -0500
+@@ -58,6 +58,7 @@ SOCKET heartbeat_socket(
+ dolog(LOG_ERR, "Couldn't open a socket for determining current IPv4 address\n");
+ return -1;
+ }
++ fcntl(sockfd, F_SETFD, FD_CLOEXEC);
+
+ #if defined(SOL_SOCKET) && defined(SO_BINDTODEVICE)
+ /*
+diff -urNp --exclude-from=/home/mdomsch/excludes --minimal aiccu.orig/common/tun.c aiccu/common/tun.c
+--- aiccu.orig/common/tun.c 2008-10-17 18:43:13.000000000 -0500
++++ aiccu/common/tun.c 2008-10-17 22:12:42.000000000 -0500
+@@ -696,6 +696,8 @@ bool tun_start(struct tun_reader *tun)
+
+ /* Create a new tap device */
+ tun_fd = open("/dev/net/tun", O_RDWR);
++ if (tun_fd >= 0)
++ fcntl(tun_fd, F_SETFD, FD_CLOEXEC);
+ if (tun_fd == -1)
+ {
+ tun_log(LOG_ERR, "start", "Couldn't open device %s: %s (%d)\n", "/dev/net/tun", strerror(errno), errno);
+@@ -725,6 +727,8 @@ bool tun_start(struct tun_reader *tun)
+ tun_log(LOG_DEBUG, "start", "Trying Configured TUN/TAP interface %s...\n", g_aiccu->ipv6_interface);
+ snprintf(buf, sizeof(buf), "/dev/%s", g_aiccu->ipv6_interface);
+ tun_fd = open(buf, O_RDWR);
++ if (tun_fd >= 0)
++ fcntl(tun_fd, F_SETFD, FD_CLOEXEC);
+ if (tun_fd < 0)
+ {
+ /* Fall back to trying all /dev/tun* devices */
+@@ -735,6 +739,7 @@ bool tun_start(struct tun_reader *tun)
+ tun_fd = open(buf, O_RDWR);
+ if (tun_fd >= 0)
+ {
++ fcntl(tun_fd, F_SETFD, FD_CLOEXEC);
+ /* Copy over the name of the interface so that configging goes okay */
+ if (g_aiccu->ipv6_interface) free(g_aiccu->ipv6_interface);
+ snprintf(buf, sizeof(buf), "tun%u", i);
diff --git a/aiccu.spec b/aiccu.spec
index 01ea688..32bbf7f 100644
--- a/aiccu.spec
+++ b/aiccu.spec
@@ -9,13 +9,14 @@
 Summary: AICCU - SixXS Automatic IPv6 Connectivity Client Utility
 Name: aiccu
 Version: 2007.01.15
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: BSD
 Group: System Environment/Daemons
 URL: http://www.sixxs.net/tools/aiccu/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Source: http://www.sixxs.net/archive/sixxs/aiccu/unix/aiccu_20070115.tar.gz
 Patch0: aiccu-lsb-initscript.patch
+Patch1: aiccu-cloexec.patch
 BuildRequires: gnutls-devel
 Requires: iproute
 Requires(post): chkconfig
@@ -32,6 +33,8 @@ For more information about SixXS check http://www.sixxs.net
 %prep
 %setup -q -n %{name}
 %patch0 -p1
+%patch1 -p1
+
 # fix executable permissions on non-executable content
 # so debuginfo can pick them up properly
 find . -type f -not -name rules -and -not -name *init* -exec chmod a-x \{\} \;
@@ -72,6 +75,9 @@ make clean
 %{_sysconfdir}/init.d/aiccu
 %changelog
+* Fri Oct 17 2008 Matt Domsch - 2007.01.15-5
+- close file descriptors on exec (BZ#467381)
+
 * Tue Jun 24 2008 Tomas Mraz 2007.01.15-4
 - rebuild with new gnutls
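Review bot: The result of `fcntl(..., F_SETFD, FD_CLOEXEC)` is discarded at all six call sites the new patch file adds (connect_client and listen_server in common.c, heartbeat_socket in heartbeat.c, and the three open() paths in tun_start), so a failure leaves the descriptor inheritable by whatever the daemon executes later and nothing is logged. Each call also writes the flag word outright instead of OR-ing the bit into the value read with `F_GETFD`. One shared helper that reads the flags, sets the bit and logs on failure would keep the six sites identical; it would need a prototype in a header the three files share, and `dolog` is assumed to take a printf-style format, which the heartbeat.c context line suggests but does not prove. All the enclosing functions start and end outside their hunks.

```c
/* Mark fd close-on-exec so programs executed later do not inherit it. */
int set_cloexec(int fd)
{
	int flags = fcntl(fd, F_GETFD);

	if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1)
	{
		dolog(LOG_WARNING, "Couldn't set close-on-exec on fd %d: %s (%d)\n", fd, strerror(errno), errno);
		return -1;
	}
	return 0;
}

/* ... unchanged: socket() call and its failure check in connect_client ... */
set_cloexec(sock->socket);
```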
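Review bot: No hunk adds `#include <fcntl.h>`, and in common.c the neighbouring context lines call `closesocket()` and cast `&on` to `const char *`, which suggests the file is also compiled for Windows, where `fcntl()` and `FD_CLOEXEC` are not available. The include lists are outside the hunks, so the Fedora build may already be covered, but if this patch is meant to go upstream the two common.c calls want a guard, for example `#ifndef _WIN32` around `fcntl(sock->socket, F_SETFD, FD_CLOEXEC);`. The heartbeat.c call needs the same treatment if that file is built on Windows too.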
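Review bot: In the first two tun_start hunks the added `if (tun_fd >= 0)` sits directly above the existing `if (tun_fd == -1)` / `if (tun_fd < 0)` test, so the same descriptor is checked twice with different predicates, and the flag is applied in a separate step after `open()`. Passing it at open time, `tun_fd = open("/dev/net/tun", O_RDWR | O_CLOEXEC);` and `tun_fd = open(buf, O_RDWR | O_CLOEXEC);`, removes the extra branch and leaves no window in which another thread could fork and exec while the descriptor is still inheritable. `O_CLOEXEC` is only available where the platform defines it (Linux 2.6.23 and later), so the `fcntl()` form has to remain as the fallback; the socket() call sites in common.c and heartbeat.c have the same gap, which `SOCK_CLOEXEC` closes on kernels that support it. Whether aiccu actually forks from a second thread is not visible in these hunks.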