openssh/openssh-5.1p1-cloexec.patch
Tomáš Mráz 93a4744539 - upgrade to new upstream release
- fixed a problem with public key authentication and explicitely specified
    SELinux role
2008-07-23 14:50:23 +00:00

44 lines
1.4 KiB
Diff

diff -up openssh-5.1p1/sshconnect2.c.cloexec openssh-5.1p1/sshconnect2.c
--- openssh-5.1p1/sshconnect2.c.cloexec 2008-07-23 15:21:23.000000000 +0200
+++ openssh-5.1p1/sshconnect2.c 2008-07-23 15:23:19.000000000 +0200
@@ -38,6 +38,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
#include <vis.h>
#endif
@@ -1267,6 +1268,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
return -1;
}
if (pid == 0) {
+ fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
diff -up openssh-5.1p1/sshconnect.c.cloexec openssh-5.1p1/sshconnect.c
--- openssh-5.1p1/sshconnect.c.cloexec 2008-07-02 14:34:30.000000000 +0200
+++ openssh-5.1p1/sshconnect.c 2008-07-23 15:21:23.000000000 +0200
@@ -38,6 +38,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include "xmalloc.h"
#include "key.h"
@@ -194,8 +195,11 @@ ssh_create_socket(int privileged, struct
return sock;
}
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0)
+ if (sock < 0) {
error("socket: %.100s", strerror(errno));
+ return -1;
+ }
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)