Bug 1643

Summary: Set FD_CLOEXEC on client socket
Product: Portable OpenSSH Reporter: jchadima
Component: sshdAssignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED FIXED    
Severity: normal CC: dtucker, t8m
Priority: P2    
Version: 5.2p1   
Hardware: Other   
OS: Linux   
Bug Depends on:    
Bug Blocks: 1626    
Attachments:
Description Flags
Patch solving the problem none

Description jchadima 2009-09-01 21:09:46 AEST 
Set FD_CLOEXEC on various sockets so they are not leaked to child processes
Comment 1 jchadima 2009-09-01 21:11:13 AEST 
Created attachment 1690 [details]
Patch solving the problem
Comment 2 Darren Tucker 2009-09-01 22:30:09 AEST 
Are any descriptors actually leaked and if so under what conditions?  There's a:

    closefrom(STDERR_FILENO + 1);

in session.c:do_exec() which is called for all login types.
Comment 3 Tomas Mraz 2009-09-01 23:05:35 AEST 
They are leaked to the xauth child when executed on client for example.
Comment 4 Darren Tucker 2009-10-23 10:27:33 AEDT 
ok, sounds reasonable, we should probably make it a helper function in misc.c
Comment 5 Darren Tucker 2009-11-10 15:31:26 AEDT 
Thanks for the patch, this has been committed and will be in the 5.4 release.
Comment 6 Darren Tucker 2010-03-26 10:51:37 AEDT 
With the release of 5.4p1, this bug is now considered closed.