mirror of
https://github.com/yarrick/iodine.git
synced 2024-11-22 14:41:28 +00:00
Do not let sockets be inherited by sub-processes
Set FD_CLOEXEC flag on tunnel and UDP file descriptors. Fixes ticket #99, "should not allow UDP socket to be inherited by ifconfig"
parent
a23899513d
commit
3fadbfb580
|
@ -23,6 +23,7 @@ master:
|
||||||
- A number of minor patches from Frank Denis, Gregor Herrmann and
|
- A number of minor patches from Frank Denis, Gregor Herrmann and
|
||||||
Barak A. Pearlmutter.
|
Barak A. Pearlmutter.
|
||||||
- Testcase compilation fixes for OS X and FreeBSD
|
- Testcase compilation fixes for OS X and FreeBSD
|
||||||
|
- Do not let sockets be inherited by sub-processes, fixes #99.
|
||||||
|
|
||||||
2010-02-06: 0.6.0-rc1 "Hotspotify"
|
2010-02-06: 0.6.0-rc1 "Hotspotify"
|
||||||
- Fixed tunnel not working on Windows.
|
- Fixed tunnel not working on Windows.
|
||||||
|
|
18
src/common.c
18
src/common.c
|
@ -189,6 +189,8 @@ open_dns(struct sockaddr_storage *sockaddr, size_t sockaddr_len)
|
||||||
#ifndef WINDOWS32
|
#ifndef WINDOWS32
|
||||||
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
|
/* To get destination address from each UDP datagram, see iodined.c:read_dns() */
|
||||||
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
|
setsockopt(fd, IPPROTO_IP, DSTADDR_SOCKOPT, (const void*) &flag, sizeof(flag));
|
||||||
|
|
||||||
|
fd_set_close_on_exec(fd);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef IP_OPT_DONT_FRAG
|
#ifdef IP_OPT_DONT_FRAG
|
||||||
|
@ -461,3 +463,19 @@ int recent_seqno(int ourseqno, int gotseqno)
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Set FD_CLOEXEC flag on file descriptor.
|
||||||
|
* This stops it from being inherited by system() calls.
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
fd_set_close_on_exec(int fd)
|
||||||
|
{
|
||||||
|
int flags;
|
||||||
|
|
||||||
|
flags = fcntl(fd, F_GETFD);
|
||||||
|
if (flags == -1)
|
||||||
|
err(4, "Failed to get fd flags");
|
||||||
|
flags |= FD_CLOEXEC;
|
||||||
|
if (fcntl(fd, F_SETFD, flags) == -1)
|
||||||
|
err(4, "Failed to set fd flags");
|
||||||
|
}
|
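Review bot: `fd_set_close_on_exec()` is defined at the end of the file with no platform guard visible in this hunk, while its only call in `open_dns()` sits inside `#ifndef WINDOWS32`. `fcntl()` and `FD_CLOEXEC` are POSIX-only, so unless lines outside the hunk already exclude Windows builds, both the definition and the prototype added to the header should be wrapped in the same `#ifndef WINDOWS32` … `#endif`. The hunk also does not show `<fcntl.h>` being included, which is worth confirming. Because the flag is applied by a second call rather than atomically at socket creation, it only protects children spawned afterwards; extending the doc comment with `/* Must be called before any system()/exec; the flag is not set atomically with socket()/open(). */` would keep later callers from reordering it.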
||||||
|
|
|
@ -136,4 +136,6 @@ void warnx(const char *fmt, ...);
|
||||||
|
|
||||||
int recent_seqno(int , int);
|
int recent_seqno(int , int);
|
||||||
|
|
||||||
|
void fd_set_close_on_exec(int fd);
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
|
@ -98,6 +98,7 @@ open_tun(const char *tun_device)
|
||||||
|
|
||||||
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
||||||
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
||||||
|
fd_set_close_on_exec(tun_fd);
|
||||||
return tun_fd;
|
return tun_fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -112,6 +113,7 @@ open_tun(const char *tun_device)
|
||||||
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
if (ioctl(tun_fd, TUNSETIFF, (void *) &ifreq) != -1) {
|
||||||
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
fprintf(stderr, "Opened %s\n", ifreq.ifr_name);
|
||||||
snprintf(if_name, sizeof(if_name), "dns%d", i);
|
snprintf(if_name, sizeof(if_name), "dns%d", i);
|
||||||
|
fd_set_close_on_exec(tun_fd);
|
||||||
return tun_fd;
|
return tun_fd;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -147,6 +149,7 @@ open_tun(const char *tun_device)
|
||||||
}
|
}
|
||||||
|
|
||||||
fprintf(stderr, "Opened %s\n", tun_name);
|
fprintf(stderr, "Opened %s\n", tun_name);
|
||||||
|
fd_set_close_on_exec(tun_fd);
|
||||||
return tun_fd;
|
return tun_fd;
|
||||||
} else {
|
} else {
|
||||||
for (i = 0; i < TUN_MAX_TRY; i++) {
|
for (i = 0; i < TUN_MAX_TRY; i++) {
|
||||||
|
@ -155,6 +158,7 @@ open_tun(const char *tun_device)
|
||||||
if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
|
if ((tun_fd = open(tun_name, O_RDWR)) >= 0) {
|
||||||
fprintf(stderr, "Opened %s\n", tun_name);
|
fprintf(stderr, "Opened %s\n", tun_name);
|
||||||
snprintf(if_name, sizeof(if_name), "tun%d", i);
|
snprintf(if_name, sizeof(if_name), "tun%d", i);
|
||||||
|
fd_set_close_on_exec(tun_fd);
|
||||||
return tun_fd;
|
return tun_fd;
|
||||||
}
|
}
|
||||||
|
|
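Review bot: The close-on-exec call is repeated before each of the four `return tun_fd;` sites in `open_tun()` (the hunks at -98, -112, -147 and -155), so a return path added later can silently let the tunnel descriptor leak into `system()` children again. Where the platform defines `O_CLOEXEC`, passing it at creation removes both that risk and the gap between open and fcntl, e.g. `open(tun_name, O_RDWR | O_CLOEXEC)`, with `fd_set_close_on_exec()` kept as the fallback. Alternatively the flag could be set once in the caller on the value `open_tun()` returns. The function body begins and ends outside these hunks, so other return paths and any Windows variant of `open_tun()` are not visible here and should be checked for the same treatment.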
||||||
|
|