From fa32850be0d9e605da1b33305c122f7a59a24650 Mon Sep 17 00:00:00 2001
From: David Woodhouse
Date: Sun, 12 Dec 2010 02:48:18 +0000
Subject: [PATCH] Set FD_CLOEXEC on SMTP sockets after forking to handle the connection.
---
 doc/doc-txt/ChangeLog | 3 +++
 src/src/daemon.c | 7 +++++++
 2 files changed, 10 insertions(+)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index cf307014b..624e0a8c7 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -89,6 +89,9 @@ DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
 DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
 files to be used while preserving root privileges.
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+
 Exim version 4.72
 -----------------
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d6673a..3db9be374 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -425,6 +425,13 @@ if (pid == 0)
 for (i = 0; i < listen_socket_count; i++)
 (void)close(listen_sockets[i]);
+ /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+ to be able to communicate with them, under any circumstances. */
+ (void)fcntl(accept_socket, F_SETFD,
+ fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+ (void)fcntl(dup_accept_socket, F_SETFD,
+ fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
 #ifdef SA_NOCLDWAIT
 act.sa_handler = SIG_IGN;
 sigemptyset(&(act.sa_mask));
--
2.25.1
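Review bot: Both added fcntl() pairs in the daemon.c hunk discard their results, so a failure to set FD_CLOEXEC on accept_socket or dup_accept_socket goes unnoticed, and a failed F_GETFD (-1) is OR-ed straight into the F_SETFD argument. Since this is a hardening step, each call should be tested, e.g. `int fl = fcntl(accept_socket, F_GETFD); if (fl < 0 || fcntl(accept_socket, F_SETFD, fl | FD_CLOEXEC) < 0)` followed by a log entry (and the same for dup_accept_socket), so the child never carries on silently with an inheritable SMTP descriptor. The comment also overstates the guarantee: FD_CLOEXEC closes the descriptors only across exec, so I would reword it to `/* Set FD_CLOEXEC on the SMTP sockets so that they are not inherited by any program this process later execs. */`. The enclosing `if (pid == 0)` block starts and ends outside the hunk, so whether dup_accept_socket is always a valid descriptor at this point could not be checked from here.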