diff options
author | Andy Pan <panjf2000@gmail.com> | 2021-01-20 04:57:30 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-19 22:57:30 +0200 |
commit | fb66e2e24943018961321d13e46ee2ab66de882a (patch) | |
tree | 04075a8d909bc1eba249ecb1aaf1b4705fc84823 /src/sentinel.c | |
parent | aaf71b380ed5ef8d5d63f8a60733c35202c5b838 (diff) | |
download | redis-fb66e2e24943018961321d13e46ee2ab66de882a.tar.gz |
Use FD_CLOEXEC in Sentinel, so that FDs don't leak to the scripts it runs (#8242)
Sentinel uses execve to run scripts, so it needs to use FD_CLOEXEC
on all file descriptors, so that they're not accessible by the script it runs.
This commit includes a change to the sentinel tests, which verifies no
FDs are left opened when the script is executed.
Diffstat (limited to 'src/sentinel.c')
-rw-r--r-- | src/sentinel.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sentinel.c b/src/sentinel.c index 089282b71..26c129385 100644 --- a/src/sentinel.c +++ b/src/sentinel.c @@ -2135,6 +2135,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { link->cc->errstr); instanceLinkCloseConnection(link,link->cc); } else { + anetCloexec(link->cc->c.fd); link->pending_commands = 0; link->cc_conn_time = mstime(); link->cc->data = link; @@ -2162,7 +2163,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) { instanceLinkCloseConnection(link,link->pc); } else { int retval; - + anetCloexec(link->pc->c.fd); link->pc_conn_time = mstime(); link->pc->data = link; redisAeAttach(server.el,link->pc); |