author | Darren Tucker <dtucker@zip.com.au> | 2010-01-08 17:07:22 +1100 |
---|---|---|
committer | Darren Tucker <dtucker@zip.com.au> | 2010-01-08 17:07:22 +1100 |
commit | 6e7fe1c01b8a69099ffc42e653cc478509e84781 (patch) | |
tree | d6636498087a2b9b4fd4651edd4e0f07788e51e1 /sshconnect2.c | |
parent | f788a91624601857c586a4dd97c66083946e7781 (diff) | |
- dtucker@cvs.openbsd.org 2009/11/10 04:30:45
[sshconnect2.c channels.c sshconnect.c]
Set close-on-exec on various descriptors so they don't get leaked to
child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
Diffstat (limited to 'sshconnect2.c')
-rw-r--r-- | sshconnect2.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sshconnect2.c b/sshconnect2.c
index 937bb773..299d4f4e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.174 2009/11/10 04:30:45 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -32,6 +32,7 @@
 #include <sys/stat.h>

 #include <errno.h>
+#include <fcntl.h>
 #include <netdb.h>
 #include <pwd.h>
 #include <signal.h>
@@ -1527,6 +1528,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 return -1;
 }
 if (pid == 0) {
+ /* keep the socket on exec */
+ fcntl(packet_get_connection_in(), F_SETFD, 0);
 permanently_drop_suid(getuid());
 close(from[0]);
 if (dup2(from[1], STDOUT_FILENO) < 0)
|
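Review bot: The added `fcntl(packet_get_connection_in(), F_SETFD, 0);` in the child branch of ssh_keysign (third hunk) discards its return value. If clearing close-on-exec fails, the child carries on and the descriptor is closed at exec, so the failure would surface later and less clearly. Checking it in the same way as the `dup2` just below would make this explicit, for example `if (fcntl(packet_get_connection_in(), F_SETFD, 0) == -1) fatal("ssh_keysign: fcntl: %s", strerror(errno));`. Writing `0` also clears every descriptor flag rather than only `FD_CLOEXEC`; an `F_GETFD` read followed by masking off `FD_CLOEXEC` would be narrower. This is the one descriptor deliberately exempted from the close-on-exec hardening, so the comment could say why, e.g. `/* the exec'd helper needs the connection socket; clear close-on-exec on this fd only */`. The function body starts and ends outside the hunk, so the exec call and the `dup2` error path are not visible here.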