--- nut-2.7.4/common/parseconf.c.cloexec 2018-12-07 15:56:22.989381441 -0800
+++ nut-2.7.4/common/parseconf.c 2018-12-07 16:48:33.912337591 -0800
@@ -83,6 +83,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include "parseconf.h"
@@ -443,6 +444,9 @@
return 0;
}
+ /* prevent fd leaking to child processes */
+ fcntl(fileno(ctx->f), F_SETFD, FD_CLOEXEC);
+
return 1; /* OK */
}
--- nut-2.7.4/clients/upsmon.c.cloexec 2018-12-07 16:22:42.185376803 -0800
+++ nut-2.7.4/clients/upsmon.c 2018-12-07 17:18:44.662093479 -0800
@@ -24,6 +24,8 @@
#include <sys/stat.h>
#include <sys/wait.h>
#include <sys/socket.h>
+#include <unistd.h>
+#include <fcntl.h>
#include "upsclient.h"
#include "upsmon.h"
@@ -1432,6 +1434,9 @@
/* we're definitely connected now */
setflag(&ups->status, ST_CONNECTED);
+ /* prevent connection leaking to NOTIFYCMD */
+ fcntl(upscli_fd(&ups->conn), F_SETFD, FD_CLOEXEC);
+
/* now try to authenticate to upsd */
ret = do_upsd_auth(ups);
@@ -1715,6 +1720,9 @@
}
close(pipefd[0]);
+
+ /* prevent pipe leaking to NOTIFYCMD */
+ fcntl(pipefd[1], F_SETFD, FD_CLOEXEC);
}
static void delete_ups(utype_t *target)
--- nut-2.7.4/clients/upssched.c.cloexec 2018-12-07 17:09:13.081914570 -0800
+++ nut-2.7.4/clients/upssched.c 2018-12-07 18:28:54.380512191 -0800
@@ -46,6 +46,8 @@
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
+#include <unistd.h>
+#include <fcntl.h>
#include "upssched.h"
#include "timehead.h"
@@ -297,6 +299,9 @@
if (ret < 0)
fatal_with_errno(EXIT_FAILURE, "listen(%d, %d) failed", fd, US_LISTEN_BACKLOG);
+ /* don't leak socket to CMDSCRIPT */
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+
return fd;
}
@@ -370,6 +375,9 @@
return;
}
+ /* don't leak connection to CMDSCRIPT */
+ fcntl(acc, F_SETFD, FD_CLOEXEC);
+
/* enable nonblocking I/O */
ret = fcntl(acc, F_GETFL, 0);