X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fdaemon.c;h=4ac34332b84a20b01412cc283e57fa4d52e94022;hb=3634fc257bd0667daef14d72005cd87c735bbb24;hp=8e6d6673adf5f8e73539ba7fbc36f60e9a5c633d;hpb=0a49a7a4f1090b6f1ce1d0f9d969804c9226b53e;p=exim.git

diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d6673a..4ac34332b 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/daemon.c,v 1.27 2009/11/16 19:50:36 nm4 Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
@@ -31,8 +29,8 @@ static smtp_slot empty_smtp_slot = { 0, NULL };
 *               Local static variables           *
 *************************************************/
 
-static volatile BOOL sigchld_seen;
-static volatile BOOL sighup_seen;
+static SIGNAL_BOOL sigchld_seen;
+static SIGNAL_BOOL sighup_seen;
 
 static int   accept_retry_count = 0;
 static int   accept_retry_errno;
@@ -425,6 +423,13 @@ if (pid == 0)
 
   for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
 
+  /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+  to be able to communicate with them, under any circumstances. */
+  (void)fcntl(accept_socket, F_SETFD,
+              fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+  (void)fcntl(dup_accept_socket, F_SETFD,
+              fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
   #ifdef SA_NOCLDWAIT
   act.sa_handler = SIG_IGN;
   sigemptyset(&(act.sa_mask));