diff options
author | Timo Weingärtner <timo@tiwe.de> | 2013-09-22 23:23:11 +0200 |
---|---|---|
committer | Timo Weingärtner <timo@tiwe.de> | 2013-09-22 23:23:11 +0200 |
commit | 4b2644c5cf45bb0775e777667aa5a54b9cd6bef8 (patch) | |
tree | ae12876e84e8d1a8bb67a7ee394d0b142a83749c | |
parent | 06df197ec118243a073923bb9f6803ffa426ea89 (diff) | |
download | ssh-agent-filter-4b2644c5cf45bb0775e777667aa5a54b9cd6bef8.tar.gz |
add CLOEXEC flag to sockets
SOCK_CLOEXEC is currently only available on linux >= 2.6.27 so fcntl is used
as a fallback.
-rw-r--r-- | ssh-agent-filter.C | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C index 733e12d..8d87d0b 100644 --- a/ssh-agent-filter.C +++ b/ssh-agent-filter.C @@ -49,6 +49,9 @@ namespace fs = boost::filesystem; #include "ssh-agent.h" #include "version.h" +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif std::vector<std::string> allowed_b64; std::vector<std::string> allowed_md5; @@ -88,10 +91,14 @@ int make_upstream_agent_conn () { exit(EX_UNAVAILABLE); } - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) { perror("socket"); exit(EX_UNAVAILABLE); } + if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC)) { + perror("fcntl"); + exit(EX_UNAVAILABLE); + } addr.sun_family = AF_UNIX; @@ -114,10 +121,14 @@ int make_listen_sock () { int sock; struct sockaddr_un addr; - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + if ((sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) { perror("socket"); exit(EX_UNAVAILABLE); } + if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC)) { + perror("fcntl"); + exit(EX_UNAVAILABLE); + } addr.sun_family = AF_UNIX; |