blob: fa51dce16c18926b35f1c158544f4d3e628e0fd1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
Description: Set socket's FD_CLOEXEC flag before calling up script
Moving the set_cloexec() call from link_socket_init_phase2() to
link_socket_init_phase1().
Author: Julien Cristau <jcristau@debian.org>
Bug-Debian: http://bugs.debian.org/367716
Index: openvpn/src/openvpn/socket.c
===================================================================
--- openvpn.orig/src/openvpn/socket.c 2015-07-01 14:10:06.116131868 +0200
+++ openvpn/src/openvpn/socket.c 2015-07-01 14:10:06.112131911 +0200
@@ -1494,6 +1494,10 @@
resolve_bind_local (sock);
resolve_remote (sock, 1, NULL, NULL);
}
+
+ /* set socket file descriptor to not pass across execs, so that
+ scripts don't have access to it */
+ set_cloexec (sock->sd);
}
/* finalize socket initialization */
@@ -1724,10 +1728,6 @@
/* set socket to non-blocking mode */
set_nonblock (sock->sd);
- /* set socket file descriptor to not pass across execs, so that
- scripts don't have access to it */
- set_cloexec (sock->sd);
-
#ifdef ENABLE_SOCKS
if (socket_defined (sock->ctrl_sd))
set_cloexec (sock->ctrl_sd);
|