dovecot-1.2: Call closelog() before dup2()ing fds.

dovecot at dovecot.org dovecot at dovecot.org
Wed Apr 1 19:48:27 EEST 2009 

details:   http://hg.dovecot.org/dovecot-1.2/rev/774b0e8138bd
changeset: 8881:774b0e8138bd
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Apr 01 12:48:17 2009 -0400
description:
Call closelog() before dup2()ing fds.

diffstat:

4 files changed, 29 insertions(+), 29 deletions(-)
src/master/auth-process.c  |   16 ++++++++--------
src/master/dict-process.c  |    8 ++++----
src/master/login-process.c |    8 ++++----
src/master/mail-process.c  |   26 +++++++++++++-------------

diffs (141 lines):

diff -r 709128511fd5 -r 774b0e8138bd src/master/auth-process.c
--- a/src/master/auth-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/auth-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -576,6 +576,10 @@ static int create_auth_process(struct au
 	(void)close(fd[0]);
 	(void)close(fd[1]);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdout to /dev/null, so anything written into it gets ignored. */
 	if (dup2(null_fd, 1) < 0)
 		i_fatal("dup2(stdout) failed: %m");
@@ -602,10 +606,6 @@ static int create_auth_process(struct au
 				dec2str(getpid())));
 	env_put(t_strdup_printf("AUTH_WORKER_MAX_COUNT=%u",
 				group->set->worker_max_count));
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	executable = group->set->executable;
 	client_process_exec(executable, "");
@@ -649,6 +649,10 @@ static int create_auth_worker(struct aut
 				 process->group->set->name);
 	log_set_prefix(log, prefix);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -668,10 +672,6 @@ static int create_auth_worker(struct aut
 
 	child_process_init_env();
         auth_set_environment(process->group->set);
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	executable = t_strconcat(process->group->set->executable, " -w", NULL);
 	client_process_exec(executable, "");
diff -r 709128511fd5 -r 774b0e8138bd src/master/dict-process.c
--- a/src/master/dict-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/dict-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -78,6 +78,10 @@ static int dict_process_create(struct di
 	}
 	log_set_prefix(log, "master-dict: ");
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -108,10 +112,6 @@ static int dict_process_create(struct di
 	i_assert((count % 2) == 0);
 	for (i = 0; i < count; i += 2)
 		env_put(t_strdup_printf("DICT_%s=%s", dicts[i], dicts[i+1]));
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	executable = PKG_LIBEXECDIR"/dict";
 	client_process_exec(executable, "");
diff -r 709128511fd5 -r 774b0e8138bd src/master/login-process.c
--- a/src/master/login-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/login-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -707,6 +707,10 @@ static pid_t create_login_process(struct
 			dup2_append(&dups, listens[i].fd, cur_fd);
 	}
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	if (dup2_array(&dups) < 0)
 		i_fatal("Failed to dup2() fds");
 
@@ -723,10 +727,6 @@ static pid_t create_login_process(struct
 	env_put(t_strdup_printf("SSL_LISTEN_FDS=%u", ssl_listen_count));
 
 	restrict_process_size(group->set->login_process_size, (unsigned int)-1);
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	client_process_exec(group->set->login_executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
diff -r 709128511fd5 -r 774b0e8138bd src/master/mail-process.c
--- a/src/master/mail-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/mail-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -758,17 +758,6 @@ create_mail_process(enum process_type pr
 
 	child_process_init_env();
 
-	/* move the client socket into stdin and stdout fds, log to stderr */
-	if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
-		i_fatal("dup2(stdin) failed: %m");
-	if (dup2(request->fd, 1) < 0)
-		i_fatal("dup2(stdout) failed: %m");
-	if (dup2(log_fd, 2) < 0)
-		i_fatal("dup2(stderr) failed: %m");
-
-	for (i = 0; i < 3; i++)
-		fd_close_on_exec(i, FALSE);
-
 	/* setup environment - set the most important environment first
 	   (paranoia about filling up environment without noticing) */
 	restrict_access_set_env(system_groups_user, uid, gid,
@@ -900,9 +889,20 @@ create_mail_process(enum process_type pr
 		i_snprintf(title, sizeof(title), "[%s %s]", user, addr);
 	}
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
 	closelog();
+
+	/* move the client socket into stdin and stdout fds, log to stderr */
+	if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
+		i_fatal("dup2(stdin) failed: %m");
+	if (dup2(request->fd, 1) < 0)
+		i_fatal("dup2(stdout) failed: %m");
+	if (dup2(log_fd, 2) < 0)
+		i_fatal("dup2(stderr) failed: %m");
+
+	for (i = 0; i < 3; i++)
+		fd_close_on_exec(i, FALSE);
 
 	if (set->mail_drop_priv_before_exec) {
 		restrict_access_by_env(TRUE);

More information about the dovecot-cvs mailing list