--- rfc931.c.orig +++ rfc931.c @@ -45,7 +45,7 @@ int protocol; int s; FILE *fp; - if ((s = socket(domain, type, protocol)) < 0) { + if ((s = socket(domain, type | SOCK_CLOEXEC, protocol)) < 0) { tcpd_warn("socket: %m"); return (0); } else { --- tcpdchk.c.orig +++ tcpdchk.c @@ -210,7 +210,7 @@ struct request_info *request; saved_context = tcpd_context; /* stupid compilers */ - if (fp = fopen(table, "r")) { + if (fp = fopen(table, "re")) { tcpd_context.file = table; tcpd_context.line = 0; while (xgets(sv_list, sizeof(sv_list), fp)) { --- inetcf.c.orig +++ inetcf.c @@ -81,12 +81,12 @@ char *conf; * guesses. */ if (conf != 0) { - if ((fp = fopen(conf, "r")) == 0) { + if ((fp = fopen(conf, "re")) == 0) { fprintf(stderr, percent_m(buf, "open %s: %m\n"), conf); exit(1); } } else { - for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "r")) == 0; i++) + for (i = 0; inet_files[i] && (fp = fopen(inet_files[i], "re")) == 0; i++) /* void */ ; if (!fp) { fprintf(stderr, "Cannot find your inetd.conf or tlid.conf file.\n"); --- options.c.orig +++ options.c @@ -227,7 +227,7 @@ struct request_info *request; FILE *fp; sprintf(path, "%s/%s", value, eval_daemon(request)); - if ((fp = fopen(path, "r")) != 0) { + if ((fp = fopen(path, "re")) != 0) { while ((ch = fgetc(fp)) == 0) write(request->fd, "", 1); ungetc(ch, fp); --- hosts_access.c.orig +++ hosts_access.c @@ -173,7 +173,7 @@ struct request_info *request; * file descriptor leaks. */ - if ((fp = fopen(table, "r")) != 0) { + if ((fp = fopen(table, "re")) != 0) { tcpd_context.file = table; tcpd_context.line = 0; while (match == NO && xgets(sv_list, sizeof(sv_list), fp) != 0) { @@ -283,7 +283,7 @@ struct hosts_info *host; int match = NO; FILE *fp; - if ((fp = fopen(path, "r")) != 0) { + if ((fp = fopen(path, "re")) != 0) { while (fscanf(fp, "%s", tok) == 1 && !(match = host_match(tok, host))) /* void */ ; fclose(fp);