From 6e7fe1c01b8a69099ffc42e653cc478509e84781 Mon Sep 17 00:00:00 2001
From: Darren Tucker
Date: Fri, 8 Jan 2010 17:07:22 +1100
Subject: - dtucker@cvs.openbsd.org 2009/11/10 04:30:45 [sshconnect2.c channels.c sshconnect.c] Set close-on-exec on various descriptors so they don't get leaked to child processes. bz #1643, patch from jchadima at redhat, ok deraadt.
---
sshconnect2.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'sshconnect2.c')
diff --git a/sshconnect2.c b/sshconnect2.c
index 937bb773..299d4f4e 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.173 2009/10/24 11:13:54 andreas Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.174 2009/11/10 04:30:45 dtucker Exp $ */
 /*
 * Copyright (c) 2000 Markus Friedl. All rights reserved.
 * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -32,6 +32,7 @@
 #include
 #include
+#include
 #include
 #include
 #include
@@ -1527,6 +1528,8 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 return -1;
 }
 if (pid == 0) {
+ /* keep the socket on exec */
+ fcntl(packet_get_connection_in(), F_SETFD, 0);
 permanently_drop_suid(getuid());
 close(from[0]);
 if (dup2(from[1], STDOUT_FILENO) < 0)
-- cgit v1.2.1
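Review bot: The added `fcntl(packet_get_connection_in(), F_SETFD, 0);` in the child branch of ssh_keysign ignores its return value. If clearing close-on-exec fails, the connection descriptor is silently closed at exec, and the helper presumably fails later with a much less specific error. The call should be guarded as `if (fcntl(packet_get_connection_in(), F_SETFD, 0) == -1)` and take the same error path as the `dup2` failure just below; that path's body lies outside the hunk, as does the rest of ssh_keysign. Since this is the one place where the commit deliberately lets a descriptor survive exec, the comment should say why, for example `/* the keysign helper needs the connection socket: clear FD_CLOEXEC on purpose */`. Only the input descriptor is cleared, so it is worth confirming that the helper never needs the output descriptor when the two differ.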