authorDarren Tucker <dtucker@zip.com.au>2010-01-08 17:07:22 +1100
committerDarren Tucker <dtucker@zip.com.au>2010-01-08 17:07:22 +1100
commit6e7fe1c01b8a69099ffc42e653cc478509e84781 (patch)
treed6636498087a2b9b4fd4651edd4e0f07788e51e1 /sshconnect2.c
parentf788a91624601857c586a4dd97c66083946e7781 (diff)
- dtucker@cvs.openbsd.org 2009/11/10 04:30:45
[sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
Diffstat (limited to 'sshconnect2.c')
-rw-r--r--sshconnect2.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 937bb773..299d4f4e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.174 2009/11/10 04:30:45 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -32,6 +32,7 @@
#include <sys/stat.h>
#include <errno.h>
+#include <fcntl.h>
#include <netdb.h>
#include <pwd.h>
#include <signal.h>
@@ -1527,6 +1528,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
return -1;
}
if (pid == 0) {
+ /* keep the socket on exec */
+ fcntl(packet_get_connection_in(), F_SETFD, 0);
permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
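Review bot: The added `fcntl(packet_get_connection_in(), F_SETFD, 0)` at the top of the `pid == 0` branch ignores its return value, so if clearing close-on-exec fails, the child goes on to exec without the connection socket and the failure surfaces later, away from its cause. Checking it in place, e.g. `if (fcntl(packet_get_connection_in(), F_SETFD, 0) == -1)` followed by `fatal("ssh_keysign: fcntl: %s", strerror(errno));`, keeps the error at the point of failure. This is also the one descriptor deliberately exempted from the close-on-exec hardening the commit describes, so the comment should say why rather than only what, for instance `/* the exec'd signing helper needs the connection socket: clear close-on-exec on this fd only */`; that the helper uses the socket is inferred from the existing comment, not visible here. The body of ssh_keysign starts and ends outside this hunk.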