1643 – Set FD_CLOEXEC on client socket

Bug 1643 - Set FD_CLOEXEC on client socket

Summary: Set FD_CLOEXEC on client socket

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	sshd (show other bugs)
Version:	5.2p1
Hardware:	Other Linux

Importance:	P2 normal
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_5_4
	Show dependency tree / graph

Reported:	2009-09-01 21:09 AEST by jchadima
Modified:	2010-03-26 10:51 AEDT (History)
CC List:	2 users (show)

See Also:

Attachments
Patch solving the problem (2.12 KB, patch) 2009-09-01 21:11 AEST, jchadima	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description jchadima 2009-09-01 21:09:46 AEST

Set FD_CLOEXEC on various sockets so they are not leaked to child processes

Comment 1 jchadima 2009-09-01 21:11:13 AEST

Created attachment 1690 [details]
Patch solving the problem

Comment 2 Darren Tucker 2009-09-01 22:30:09 AEST

Are any descriptors actually leaked and if so under what conditions?  There's a:

    closefrom(STDERR_FILENO + 1);

in session.c:do_exec() which is called for all login types.

Comment 3 Tomas Mraz 2009-09-01 23:05:35 AEST

They are leaked to the xauth child when executed on client for example.

Comment 4 Darren Tucker 2009-10-23 10:27:33 AEDT

ok, sounds reasonable, we should probably make it a helper function in misc.c

Comment 5 Darren Tucker 2009-11-10 15:31:26 AEDT

Thanks for the patch, this has been committed and will be in the 5.4 release.

Comment 6 Darren Tucker 2010-03-26 10:51:37 AEDT

With the release of 5.4p1, this bug is now considered closed.