Commit 8932a1a7 authored by Colin Walters's avatar Colin Walters

GSocket: Use MSG_CMSG_CLOEXEC

This ensures received file descriptors don't leak to child processes.

https://bugzilla.gnome.org/show_bug.cgi?id=649480
parent 7ca8691a
......@@ -3290,6 +3290,14 @@ g_socket_receive_message (GSocket *socket,
else
msg.msg_flags = 0;
/* We always set the close-on-exec flag so we don't leak file
* descriptors into child processes. Note that gunixfdmessage.c
* will later call fcntl (fd, FD_CLOEXEC), but that isn't atomic.
*/
#ifdef MSG_CMSG_CLOEXEC
msg.msg_flags |= MSG_CMSG_CLOEXEC;
#endif
/* do it */
while (1)
{
......@@ -3299,6 +3307,14 @@ g_socket_receive_message (GSocket *socket,
return -1;
result = recvmsg (socket->priv->fd, &msg, msg.msg_flags);
#ifdef MSG_CMSG_CLOEXEC
if (result < 0 && get_socket_errno () == EINVAL)
{
/* We must be running on an old kernel. Call without the flag. */
msg.msg_flags &= ~(MSG_CMSG_CLOEXEC);
result = recvmsg (socket->priv->fd, &msg, msg.msg_flags);
}
#endif
if (result < 0)
{
......
......@@ -101,6 +101,10 @@ g_unix_fd_message_deserialize (int level,
fds = data;
n = size / sizeof (gint);
/* Note we probably handled this in gsocket.c already if we're on
* Linux and have MSG_CMSG_CLOEXEC, but this code remains as a fallback
* in case the kernel is too old for MSG_CMSG_CLOEXEC.
*/
for (i = 0; i < n; i++)
{
do
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment