add CLOEXEC flag to sockets

SOCK_CLOEXEC is currently only available on linux >= 2.6.27 so fcntl is used
as a fallback.

1 files changed, 13 insertions, 2 deletions

diff --git a/ssh-agent-filter.C b/ssh-agent-filter.C
index 733e12d..8d87d0b 100644
--- a/ssh-agent-filter.C
+++ b/ssh-agent-filter.C
@@ -49,6 +49,9 @@ namespace fs = boost::filesystem;
 #include "ssh-agent.h"
 #include "version.h"
 
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
 
 std::vector<std::string> allowed_b64;
 std::vector<std::string> allowed_md5;
@@ -88,10 +91,14 @@ int make_upstream_agent_conn () {
 		exit(EX_UNAVAILABLE);
 	}
 
-	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+	if ((sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) {
 		perror("socket");
 		exit(EX_UNAVAILABLE);
 	}
+	if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC)) {
+		perror("fcntl");
+		exit(EX_UNAVAILABLE);
+	}
 	
 	addr.sun_family = AF_UNIX;
 	
@@ -114,10 +121,14 @@ int make_listen_sock () {
 	int sock;
 	struct sockaddr_un addr;
 	
-	if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
+	if ((sock = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0)) == -1) {
 		perror("socket");
 		exit(EX_UNAVAILABLE);
 	}
+	if (fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC)) {
+		perror("fcntl");
+		exit(EX_UNAVAILABLE);
+	}
 
 	addr.sun_family = AF_UNIX;