dovecot-1.1: Call closelog() before dup2()ing fds.
dovecot at dovecot.org
dovecot at dovecot.org
Wed Apr 1 19:50:16 EEST 2009
details: http://hg.dovecot.org/dovecot-1.1/rev/8b6b192498e3
changeset: 8228:8b6b192498e3
user: Timo Sirainen <tss at iki.fi>
date: Wed Apr 01 12:50:11 2009 -0400
description:
Call closelog() before dup2()ing fds.
diffstat:
4 files changed, 29 insertions(+), 29 deletions(-)
src/master/auth-process.c | 16 ++++++++--------
src/master/dict-process.c | 8 ++++----
src/master/login-process.c | 8 ++++----
src/master/mail-process.c | 26 +++++++++++++-------------
diffs (141 lines):
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/auth-process.c
--- a/src/master/auth-process.c Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/auth-process.c Wed Apr 01 12:50:11 2009 -0400
@@ -574,6 +574,10 @@ static int create_auth_process(struct au
(void)close(fd[0]);
(void)close(fd[1]);
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdout to /dev/null, so anything written into it gets ignored. */
if (dup2(null_fd, 1) < 0)
i_fatal("dup2(stdout) failed: %m");
@@ -602,10 +606,6 @@ static int create_auth_process(struct au
group->set->worker_max_count));
env_put(t_strdup_printf("AUTH_WORKER_MAX_REQUEST_COUNT=%u",
group->set->worker_max_request_count));
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
executable = group->set->executable;
client_process_exec(executable, "");
@@ -649,6 +649,10 @@ static int create_auth_worker(struct aut
process->group->set->name);
log_set_prefix(log, prefix);
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdin and stdout to /dev/null, so anything written into it
gets ignored. */
if (dup2(null_fd, 0) < 0)
@@ -668,10 +672,6 @@ static int create_auth_worker(struct aut
child_process_init_env();
auth_set_environment(process->group->set);
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
executable = t_strconcat(process->group->set->executable, " -w", NULL);
client_process_exec(executable, "");
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/dict-process.c
--- a/src/master/dict-process.c Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/dict-process.c Wed Apr 01 12:50:11 2009 -0400
@@ -65,6 +65,10 @@ static int dict_process_start(struct dic
}
log_set_prefix(log, "master-dict: ");
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
/* set stdin and stdout to /dev/null, so anything written into it
gets ignored. */
if (dup2(null_fd, 0) < 0)
@@ -95,10 +99,6 @@ static int dict_process_start(struct dic
for (i = 0; i < count; i += 2)
env_put(t_strdup_printf("DICT_%s=%s", dicts[i], dicts[i+1]));
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
-
executable = PKG_LIBEXECDIR"/dict";
client_process_exec(executable, "");
i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/login-process.c
--- a/src/master/login-process.c Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/login-process.c Wed Apr 01 12:50:11 2009 -0400
@@ -679,6 +679,10 @@ static pid_t create_login_process(struct
dup2_append(&dups, listens[i].fd, cur_fd);
}
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
+ closelog();
+
if (dup2_array(&dups) < 0)
i_fatal("Failed to dup2() fds");
@@ -695,10 +699,6 @@ static pid_t create_login_process(struct
env_put(t_strdup_printf("SSL_LISTEN_FDS=%u", ssl_listen_count));
restrict_process_size(group->set->login_process_size, (unsigned int)-1);
-
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
- closelog();
client_process_exec(group->set->login_executable, "");
i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
diff -r eacbf71a05ff -r 8b6b192498e3 src/master/mail-process.c
--- a/src/master/mail-process.c Mon Mar 30 23:12:44 2009 -0400
+++ b/src/master/mail-process.c Wed Apr 01 12:50:11 2009 -0400
@@ -745,17 +745,6 @@ create_mail_process(enum process_type pr
child_process_init_env();
- /* move the client socket into stdin and stdout fds, log to stderr */
- if (dup2(dump_capability ? null_fd : socket_fd, 0) < 0)
- i_fatal("dup2(stdin) failed: %m");
- if (dup2(socket_fd, 1) < 0)
- i_fatal("dup2(stdout) failed: %m");
- if (dup2(log_fd, 2) < 0)
- i_fatal("dup2(stderr) failed: %m");
-
- for (i = 0; i < 3; i++)
- fd_close_on_exec(i, FALSE);
-
/* setup environment - set the most important environment first
(paranoia about filling up environment without noticing) */
restrict_access_set_env(system_user, uid, gid, set->mail_priv_gid_t,
@@ -866,9 +855,20 @@ create_mail_process(enum process_type pr
i_snprintf(title, sizeof(title), "[%s %s]", user, addr);
}
- /* make sure we don't leak syslog fd, but do it last so that
- any errors above will be logged */
+ /* make sure we don't leak syslog fd. try to do it as late as possible,
+ but also before dup2()s in case syslog fd is one of them. */
closelog();
+
+ /* move the client socket into stdin and stdout fds, log to stderr */
+ if (dup2(dump_capability ? null_fd : socket_fd, 0) < 0)
+ i_fatal("dup2(stdin) failed: %m");
+ if (dup2(socket_fd, 1) < 0)
+ i_fatal("dup2(stdout) failed: %m");
+ if (dup2(log_fd, 2) < 0)
+ i_fatal("dup2(stderr) failed: %m");
+
+ for (i = 0; i < 3; i++)
+ fd_close_on_exec(i, FALSE);
if (set->mail_drop_priv_before_exec) {
restrict_access_by_env(TRUE);
More information about the dovecot-cvs
mailing list