luc14n0/glib
1
0
Fork 0
mirror of https://gitlab.gnome.org/GNOME/glib.git synced 2025-08-01 23:13:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

GSocket: Use MSG_CMSG_CLOEXEC

Browse Source 
This ensures received file descriptors don't leak to child processes.

https://bugzilla.gnome.org/show_bug.cgi?id=649480
This commit is contained in:
Colin Walters
2011-05-05 13:16:54 -04:00
parent 7ca8691a93
commit 8932a1a7a3
2 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
gio/gsocket.c
View File

@@ -3290,6 +3290,14 @@ g_socket_receive_message (GSocket *socket,
else
msg.msg_flags = 0;
/* We always set the close-on-exec flag so we don't leak file
* descriptors into child processes. Note that gunixfdmessage.c
* will later call fcntl (fd, FD_CLOEXEC), but that isn't atomic.
*/
#ifdef MSG_CMSG_CLOEXEC
msg.msg_flags |= MSG_CMSG_CLOEXEC;
#endif
/* do it */
while (1)
{
@@ -3299,6 +3307,14 @@ g_socket_receive_message (GSocket *socket,
return -1;
result = recvmsg (socket->priv->fd, &msg, msg.msg_flags);
#ifdef MSG_CMSG_CLOEXEC
if (result < 0 && get_socket_errno () == EINVAL)
{
/* We must be running on an old kernel. Call without the flag. */
msg.msg_flags &= ~(MSG_CMSG_CLOEXEC);
result = recvmsg (socket->priv->fd, &msg, msg.msg_flags);
}
#endif
if (result < 0)
{