optimized FD_CLOEXEC on accept socket

2010-01-25 18:59:02 +00:00 · 2010-01-25 18:59:02 +00:00 · 606b55d024
commit 606b55d024
parent 7451555c05
2 changed files with 22 additions and 16 deletions
--- a/openssh-5.1p1-cloexec.patch
+++ b/openssh-5.1p1-cloexec.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
--- openssh-5.3p1/channels.c.cloexec	2010-01-19 09:26:50.000000000 +0100
+--- openssh-5.3p1/channels.c.cloexec	2010-01-25 17:25:58.000000000 +0100
-+++ openssh-5.3p1/channels.c	2010-01-19 09:26:51.000000000 +0100
+++ openssh-5.3p1/channels.c	2010-01-25 17:26:01.000000000 +0100
@@ -60,6 +60,7 @@
 #include <termios.h>
 #include <unistd.h>
@ -29,8 +29,8 @@ diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
 	c->wfd = wfd;
 	c->sock = (rfd == wfd) ? rfd : -1;
 diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
--- openssh-5.3p1/sshconnect2.c.cloexec	2010-01-19 09:26:50.000000000 +0100
+--- openssh-5.3p1/sshconnect2.c.cloexec	2010-01-25 17:25:58.000000000 +0100
-+++ openssh-5.3p1/sshconnect2.c	2010-01-19 09:26:51.000000000 +0100
+++ openssh-5.3p1/sshconnect2.c	2010-01-25 17:26:01.000000000 +0100
@@ -39,6 +39,7 @@
 #include <stdio.h>
 #include <string.h>
@ -49,7 +49,7 @@ diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
 		if (dup2(from[1], STDOUT_FILENO) < 0)
 diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
 --- openssh-5.3p1/sshconnect.c.cloexec	2009-06-21 10:53:53.000000000 +0200
-+++ openssh-5.3p1/sshconnect.c	2010-01-19 09:26:51.000000000 +0100
+++ openssh-5.3p1/sshconnect.c	2010-01-25 17:26:01.000000000 +0100
@@ -38,6 +38,7 @@
 #include <stdlib.h>
 #include <string.h>
@ -72,13 +72,16 @@ diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
 	/* Bind the socket to an alternative local IP address */
 	if (options.bind_address == NULL)
 diff -up openssh-5.3p1/sshd.c.cloexec openssh-5.3p1/sshd.c
--- openssh-5.3p1/sshd.c.cloexec	2010-01-19 09:43:45.000000000 +0100
+--- openssh-5.3p1/sshd.c.cloexec	2010-01-25 17:25:55.000000000 +0100
-+++ openssh-5.3p1/sshd.c	2010-01-19 09:47:04.000000000 +0100
+++ openssh-5.3p1/sshd.c	2010-01-25 18:29:23.000000000 +0100
-@@ -1105,6 +1105,7 @@ server_accept_loop(int *sock_in, int *so
+@@ -1756,6 +1756,10 @@ main(int ac, char **av)
- 					error("accept: %.100s", strerror(errno));
+ 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
- 				continue;
+ 	}
- 			}
+ 
-+			fcntl(*newsock, F_SETFD, FD_CLOEXEC);
+	/* set fd cloexec on io/sockets to avoid to forward them to childern */
- 			if (unset_nonblock(*newsock) == -1) {
+	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
- 				close(*newsock);
+	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
- 				continue;
+
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
 	 * key since we are no longer in a position to give it to anyone. We
--- a/openssh.spec
+++ b/openssh.spec
@ -71,7 +71,7 @@ Name: openssh
 Version: 5.3p1
 # Do not rewind release to 1 on version upgrades unless the pam_ssh_agent_auth
 # is updated as well.
-Release: 19%{?dist}%{?rescue_rel}
+Release: 20%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshagentauth.sourceforge.net
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@ -525,6 +525,9 @@ fi
 %endif
 %changelog
 * Mon Jan 25 2010 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-20
 - optimized FD_CLOEXEC on accept socket (#541809)
 * Mon Jan 25 2010 Tomas Mraz <tmraz@redhat.com> - 5.3p1-19
 - updated pam_ssh_agent_auth to new version from upstream (just
  a licence change)