dovecot-1.2: Call closelog() before dup2()ing fds.
dovecot at dovecot.org
dovecot at dovecot.org
Wed Apr 1 19:48:27 EEST 2009
details: http://hg.dovecot.org/dovecot-1.2/rev/774b0e8138bd
changeset: 8881:774b0e8138bd
user: Timo Sirainen <tss at iki.fi>
date: Wed Apr 01 12:48:17 2009 -0400
description:
Call closelog() before dup2()ing fds.
diffstat:
4 files changed, 29 insertions(+), 29 deletions(-)
src/master/auth-process.c | 16 ++++++++--------
src/master/dict-process.c | 8 ++++----
src/master/login-process.c | 8 ++++----
src/master/mail-process.c | 26 +++++++++++++-------------
diffs (141 lines):
diff -r 709128511fd5 -r 774b0e8138bd src/master/auth-process.c
--- a/src/master/auth-process.c Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/auth-process.c Wed Apr 01 12:48:17 2009 -0400
@@ -576,6 +576,10 @@ static int create_auth_process(struct au
(void)close(fd[0]);
(void)close(fd[1]);
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdout to /dev/null, so anything written into it gets ignored. */
if (dup2(null_fd, 1) < 0)
i_fatal("dup2(stdout) failed: %m");
@@ -602,10 +606,6 @@ static int create_auth_process(struct au
dec2str(getpid())));
env_put(t_strdup_printf("AUTH_WORKER_MAX_COUNT=%u",
group->set->worker_max_count));
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
executable = group->set->executable;
client_process_exec(executable, "");
@@ -649,6 +649,10 @@ static int create_auth_worker(struct aut
process->group->set->name);
log_set_prefix(log, prefix);
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdin and stdout to /dev/null, so anything written into it
gets ignored. */
if (dup2(null_fd, 0) < 0)
@@ -668,10 +672,6 @@ static int create_auth_worker(struct aut
child_process_init_env();
auth_set_environment(process->group->set);
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
executable = t_strconcat(process->group->set->executable, " -w", NULL);
client_process_exec(executable, "");
diff -r 709128511fd5 -r 774b0e8138bd src/master/dict-process.c
--- a/src/master/dict-process.c Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/dict-process.c Wed Apr 01 12:48:17 2009 -0400
@@ -78,6 +78,10 @@ static int dict_process_create(struct di
}
log_set_prefix(log, "master-dict: ");
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdin and stdout to /dev/null, so anything written into it
gets ignored. */
if (dup2(null_fd, 0) < 0)
@@ -108,10 +112,6 @@ static int dict_process_create(struct di
i_assert((count % 2) == 0);
for (i = 0; i < count; i += 2)
env_put(t_strdup_printf("DICT_%s=%s", dicts[i], dicts[i+1]));
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
executable = PKG_LIBEXECDIR"/dict";
client_process_exec(executable, "");
diff -r 709128511fd5 -r 774b0e8138bd src/master/login-process.c
--- a/src/master/login-process.c Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/login-process.c Wed Apr 01 12:48:17 2009 -0400
@@ -707,6 +707,10 @@ static pid_t create_login_process(struct
dup2_append(&dups, listens[i].fd, cur_fd);
}
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
if (dup2_array(&dups) < 0)
i_fatal("Failed to dup2() fds");
@@ -723,10 +727,6 @@ static pid_t create_login_process(struct
env_put(t_strdup_printf("SSL_LISTEN_FDS=%u", ssl_listen_count));
restrict_process_size(group->set->login_process_size, (unsigned int)-1);
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
client_process_exec(group->set->login_executable, "");
i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
diff -r 709128511fd5 -r 774b0e8138bd src/master/mail-process.c
--- a/src/master/mail-process.c Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/mail-process.c Wed Apr 01 12:48:17 2009 -0400
@@ -758,17 +758,6 @@ create_mail_process(enum process_type pr
child_process_init_env();
- /* move the client socket into stdin and stdout fds, log to stderr */
- if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
- i_fatal("dup2(stdin) failed: %m");
- if (dup2(request->fd, 1) < 0)
- i_fatal("dup2(stdout) failed: %m");
- if (dup2(log_fd, 2) < 0)
- i_fatal("dup2(stderr) failed: %m");
-
- for (i = 0; i < 3; i++)
- fd_close_on_exec(i, FALSE);
-
/* setup environment - set the most important environment first
(paranoia about filling up environment without noticing) */
restrict_access_set_env(system_groups_user, uid, gid,
@@ -900,9 +889,20 @@ create_mail_process(enum process_type pr
i_snprintf(title, sizeof(title), "[%s %s]", user, addr);
}
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
closelog();
+
+ /* move the client socket into stdin and stdout fds, log to stderr */
+ if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
+ i_fatal("dup2(stdin) failed: %m");
+ if (dup2(request->fd, 1) < 0)
+ i_fatal("dup2(stdout) failed: %m");
+ if (dup2(log_fd, 2) < 0)
+ i_fatal("dup2(stderr) failed: %m");
+
+ for (i = 0; i < 3; i++)
+ fd_close_on_exec(i, FALSE);
if (set->mail_drop_priv_before_exec) {
restrict_access_by_env(TRUE);
More information about the dovecot-cvs
mailing list