set cloexec status on the socketpair fds

the executor forks to spawn the cgi scripts, and they inherit the socket for communication with the listener process. Make that impossible.
2021-01-31 11:07:12 +00:00 · 2021-01-31 11:07:12 +00:00 · 8503a1431d
parent 91d7870bb7
commit 8503a1431d
1 changed files with 2 additions and 1 deletions
--- a/gmid.c
+++ b/gmid.c
@ -582,7 +582,8 @@ main(int argc, char **argv)
 			fatal("daemon: %s", strerror(errno));
 	}

-	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
+	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
+	    PF_UNSPEC, p) == -1)
 		fatal("socketpair: %s", strerror(errno));

 	switch (fork()) {