dovecot-1.1: Call closelog() before dup2()ing fds.

dovecot at dovecot.org dovecot at dovecot.org
Wed Apr 1 19:50:16 EEST 2009


details:   http://hg.dovecot.org/dovecot-1.1/rev/8b6b192498e3
changeset: 8228:8b6b192498e3
user:      Timo Sirainen <tss at iki.fi>
date:      Wed Apr 01 12:50:11 2009 -0400
description:
Call closelog() before dup2()ing fds.

diffstat:

4 files changed, 29 insertions(+), 29 deletions(-)
src/master/auth-process.c  |   16 ++++++++--------
src/master/dict-process.c  |    8 ++++----
src/master/login-process.c |    8 ++++----
src/master/mail-process.c  |   26 +++++++++++++-------------

diffs (141 lines):

diff -r eacbf71a05ff -r 8b6b192498e3 src/master/auth-process.c
--- a/src/master/auth-process.c	Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/auth-process.c	Wed Apr 01 12:50:11 2009 -0400
@@ -574,6 +574,10 @@ static int create_auth_process(struct au
 	(void)close(fd[0]);
 	(void)close(fd[1]);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdout to /dev/null, so anything written into it gets ignored. */
 	if (dup2(null_fd, 1) < 0)
 		i_fatal("dup2(stdout) failed: %m");
@@ -602,10 +606,6 @@ static int create_auth_process(struct au
 				group->set->worker_max_count));
 	env_put(t_strdup_printf("AUTH_WORKER_MAX_REQUEST_COUNT=%u",
 				group->set->worker_max_request_count));
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	executable = group->set->executable;
 	client_process_exec(executable, "");
@@ -649,6 +649,10 @@ static int create_auth_worker(struct aut
 				 process->group->set->name);
 	log_set_prefix(log, prefix);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -668,10 +672,6 @@ static int create_auth_worker(struct aut
 
 	child_process_init_env();
         auth_set_environment(process->group->set);
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	executable = t_strconcat(process->group->set->executable, " -w", NULL);
 	client_process_exec(executable, "");
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/dict-process.c
--- a/src/master/dict-process.c	Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/dict-process.c	Wed Apr 01 12:50:11 2009 -0400
@@ -65,6 +65,10 @@ static int dict_process_start(struct dic
 	}
 	log_set_prefix(log, "master-dict: ");
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -95,10 +99,6 @@ static int dict_process_start(struct dic
 	for (i = 0; i < count; i += 2)
 		env_put(t_strdup_printf("DICT_%s=%s", dicts[i], dicts[i+1]));
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
-
 	executable = PKG_LIBEXECDIR"/dict";
 	client_process_exec(executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/login-process.c
--- a/src/master/login-process.c	Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/login-process.c	Wed Apr 01 12:50:11 2009 -0400
@@ -679,6 +679,10 @@ static pid_t create_login_process(struct
 			dup2_append(&dups, listens[i].fd, cur_fd);
 	}
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	if (dup2_array(&dups) < 0)
 		i_fatal("Failed to dup2() fds");
 
@@ -695,10 +699,6 @@ static pid_t create_login_process(struct
 	env_put(t_strdup_printf("SSL_LISTEN_FDS=%u", ssl_listen_count));
 
 	restrict_process_size(group->set->login_process_size, (unsigned int)-1);
-
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
 
 	client_process_exec(group->set->login_executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/mail-process.c
--- a/src/master/mail-process.c	Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/mail-process.c	Wed Apr 01 12:50:11 2009 -0400
@@ -745,17 +745,6 @@ create_mail_process(enum process_type pr
 
 	child_process_init_env();
 
-	/* move the client socket into stdin and stdout fds, log to stderr */
-	if (dup2(dump_capability ? null_fd : socket_fd, 0) < 0)
-		i_fatal("dup2(stdin) failed: %m");
-	if (dup2(socket_fd, 1) < 0)
-		i_fatal("dup2(stdout) failed: %m");
-	if (dup2(log_fd, 2) < 0)
-		i_fatal("dup2(stderr) failed: %m");
-
-	for (i = 0; i < 3; i++)
-		fd_close_on_exec(i, FALSE);
-
 	/* setup environment - set the most important environment first
 	   (paranoia about filling up environment without noticing) */
 	restrict_access_set_env(system_user, uid, gid, set->mail_priv_gid_t,
@@ -866,9 +855,20 @@ create_mail_process(enum process_type pr
 		i_snprintf(title, sizeof(title), "[%s %s]", user, addr);
 	}
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
 	closelog();
+
+	/* move the client socket into stdin and stdout fds, log to stderr */
+	if (dup2(dump_capability ? null_fd : socket_fd, 0) < 0)
+		i_fatal("dup2(stdin) failed: %m");
+	if (dup2(socket_fd, 1) < 0)
+		i_fatal("dup2(stdout) failed: %m");
+	if (dup2(log_fd, 2) < 0)
+		i_fatal("dup2(stderr) failed: %m");
+
+	for (i = 0; i < 3; i++)
+		fd_close_on_exec(i, FALSE);
 
 	if (set->mail_drop_priv_before_exec) {
 		restrict_access_by_env(TRUE);


More information about the dovecot-cvs mailing list