time_t now, timeout;
epfd = epoll_create(128);
+ fcntl(epfd, F_SETFD, FD_CLOEXEC);
for(bl = blockers; bl; bl = nbl) {
nbl = bl->n;
if(regfd(bl))
#include <sys/socket.h>
#include <errno.h>
#include <ctype.h>
+#include <fcntl.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
int stdmkchild(char **argv, void (*chinit)(void *), void *idata)
{
- int i;
pid_t pid;
int fd[2];
if(pid == 0) {
if(chinit != NULL)
chinit(idata);
- for(i = 3; i < FD_SETSIZE; i++) {
- if(i != fd[0])
- close(i);
- }
dup2(fd[0], 0);
close(fd[0]);
+ close(fd[1]);
execvp(argv[0], argv);
flog(LOG_WARNING, "could not exec child program %s: %s", argv[0], strerror(errno));
exit(127);
}
close(fd[0]);
+ fcntl(fd[1], F_SETFD, FD_CLOEXEC);
return(fd[1]);
}
dup2(fd, 0);
dup2(fd, 1);
- for(i = 3; i < FD_SETSIZE; i++)
- close(i);
+ close(fd);
bufinit(args);
for(i = 0; argv[i]; i++)
#include <errno.h>
#include <ctype.h>
#include <stdio.h>
+#include <fcntl.h>
#ifdef HAVE_CONFIG_H
#include <config.h>
if((fd = recvfd(sock, &buf.b, &buf.d)) < 0) {
return(-1);
}
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
buf.s = buf.d;
p = buf.b;
l = buf.d;
}
}
}
+ fcntl(fileno(out), F_SETFD, FD_CLOEXEC);
if((ch = stdmkchild(argv + optind + 1, NULL, NULL)) < 0) {
flog(LOG_ERR, "accesslog: could not fork child: %s", strerror(errno));
exit(1);
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <fcntl.h>
#include <errno.h>
#include <string.h>
close(fd);
return(-1);
}
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
return(fd);
}
close(fd);
return(-1);
}
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
return(fd);
}
{
struct passwd *pwd;
pid_t pid;
- int i, fd[2];
+ int fd[2];
/* XXX: There should be a way for the child to report errors (like
* 404 when htpub doesn't exist), but for now I don't bother with
if((pid = fork()) < 0)
return(-1);
if(pid == 0) {
- for(i = 3; i < FD_SETSIZE; i++) {
- if(i != fd[0])
- close(i);
- }
dup2(fd[0], 0);
close(fd[0]);
+ close(fd[1]);
login(pwd);
execchild(pwd);
exit(127);
}
close(fd[0]);
+ fcntl(fd[1], F_SETFD, FD_CLOEXEC);
return(fd[1]);
}