close more file descriptors on exec

Don't inherit the --status and --ifconfig-pool-persist, and on Linux the epoll(7), file descriptors to scripts and other processes that may be forked by plugins. Signed-off-by: Heiko Hund <heiko.hund@sophos.com> Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1359728354-9405-1-git-send-email-heiko.hund@sophos.com URL: http://article.gmane.org/gmane.network.openvpn.devel/7312 Signed-off-by: David Sommerseth <davids@redhat.com>
author: Heiko Hund <heiko.hund@sophos.com> 2013-02-01 15:19:14 +0100
committer: David Sommerseth <davids@redhat.com> 2013-02-02 12:10:01 +0100
commit: 09ee4192b1d16bbd7c3c138cc2d46760a11797bf (patch)
tree: eac5672ff1dbd524e4bd2a1c3f4d38bee04ffa72 /src/openvpn/status.c
parent: 1978db4b9657f0db134f1deaeb1e8400bf6a033e (diff)
download: openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.tar.gz
openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.tar.xz
openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/openvpn/status.c b/src/openvpn/status.c
index 5f9ab9e..b7ff484 100644
--- a/src/openvpn/status.c
+++ b/src/openvpn/status.c
@@ -33,6 +33,7 @@
 #include "status.h"
 #include "perf.h"
 #include "misc.h"
+#include "fdmisc.h"
 
 #include "memdbg.h"
 
@@ -98,6 +99,7 @@ status_open (const char *filename,
 	  if (so->fd >= 0)
 	    {
 	      so->filename = string_alloc (filename, NULL);
+             set_cloexec (so->fd);
 
 	      /* allocate read buffer */
 	      if (so->flags & STATUS_OUTPUT_READ)
author	Heiko Hund <heiko.hund@sophos.com>	2013-02-01 15:19:14 +0100
committer	David Sommerseth <davids@redhat.com>	2013-02-02 12:10:01 +0100
commit	09ee4192b1d16bbd7c3c138cc2d46760a11797bf (patch)
tree	eac5672ff1dbd524e4bd2a1c3f4d38bee04ffa72 /src/openvpn/status.c
parent	1978db4b9657f0db134f1deaeb1e8400bf6a033e (diff)
download	openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.tar.gz openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.tar.xz openvpn-09ee4192b1d16bbd7c3c138cc2d46760a11797bf.zip