diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | flup/server/preforkserver.py | 16 | ||||
-rw-r--r-- | flup/server/threadedserver.py | 14 |
3 files changed, 35 insertions, 0 deletions
@@ -1,3 +1,8 @@ +2006-06-27 Allan Saddi <asaddi@kalahari.flup.org> + + * Set close-on-exec flag on all server sockets. Thanks to + Ralf Schmitt for reporting the problem. + 2006-06-18 Allan Saddi <asaddi@europa.saddi.net> * Stop ignoring EPIPE exceptions, as this is probably the diff --git a/flup/server/preforkserver.py b/flup/server/preforkserver.py index a544f47..d7c4bf4 100644 --- a/flup/server/preforkserver.py +++ b/flup/server/preforkserver.py @@ -53,6 +53,15 @@ if not hasattr(socket, 'socketpair'): socket.socketpair = socketpair +try: + import fcntl +except ImportError: + def setCloseOnExec(sock): + pass +else: + def setCloseOnExec(sock): + fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC) + class PreforkServer(object): """ A preforked server model conceptually similar to Apache httpd(2). At @@ -102,6 +111,9 @@ class PreforkServer(object): # Don't want operations on main socket to block. sock.setblocking(0) + # Set close-on-exec + setCloseOnExec(sock) + # Main loop. while self._keepGoing: # Maintain minimum number of children. @@ -255,7 +267,9 @@ class PreforkServer(object): # the parent and its children. parent, child = socket.socketpair() parent.setblocking(0) + setCloseOnExec(parent) child.setblocking(0) + setCloseOnExec(child) try: pid = os.fork() except OSError, e: @@ -317,6 +331,8 @@ class PreforkServer(object): continue raise + setCloseOnExec(clientSock) + # Check if this client is allowed. if not self._isClientAllowed(addr): clientSock.close() diff --git a/flup/server/threadedserver.py b/flup/server/threadedserver.py index 60c1bfa..c2d0e04 100644 --- a/flup/server/threadedserver.py +++ b/flup/server/threadedserver.py @@ -34,6 +34,15 @@ import errno from threadpool import ThreadPool +try: + import fcntl +except ImportError: + def setCloseOnExec(sock): + pass +else: + def setCloseOnExec(sock): + fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC) + __all__ = ['ThreadedServer'] class ThreadedServer(object): @@ -54,6 +63,9 @@ class ThreadedServer(object): self._hupReceived = False self._installSignalHandlers() + # Set close-on-exec + setCloseOnExec(sock) + # Main loop. while self._keepGoing: try: @@ -71,6 +83,8 @@ class ThreadedServer(object): continue raise + setCloseOnExec(clientSock) + if not self._isClientAllowed(addr): clientSock.close() continue |