From: raeburn@mit.edu
Subject: SVN Commit

Set close-on-exec flag in most places where file descriptors are opened in our libraries (in case another application thread spawns a new process) and in the KDC programs (in case a plugin library spawns a new process).

Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup dup2 pipe.
In: util lib plugins kdc kadmin/server krb524.

The various programs are less critical than the libraries, as any well-written plugin that spawns a new process should close all file descriptors it doesn't need to communicate with the new process.

This approach also isn't bulletproof, as the call to set the close-on-exec flag is necessarily a separate call from creating the file descriptor, and the fork call could happen in between them. So plugins should be careful regardless of this patch; it will only reduce the window of potential lossage should a plugin be poorly written. (AFAIK there are currently no plugins that spawn processes where this would be a problem.)

Update dependencies.

Commit By: raeburn
Revision: 20143
Changed Files:
U trunk/src/include/k5-platform.h
U trunk/src/kadmin/server/ovsec_kadmd.c
U trunk/src/kdc/fakeka.c
U trunk/src/kdc/network.c
U trunk/src/krb524/krb524d.c
U trunk/src/lib/crypto/prng.c
U trunk/src/lib/kadm5/logger.c
U trunk/src/lib/kadm5/srv/server_acl.c
U trunk/src/lib/kadm5/srv/server_dict.c
U trunk/src/lib/kdb/kdb_default.c
U trunk/src/lib/krb4/Makefile.in
U trunk/src/lib/krb4/dest_tkt.c
U trunk/src/lib/krb4/g_cnffile.c
U trunk/src/lib/krb4/in_tkt.c
U trunk/src/lib/krb4/kadm_net.c
U trunk/src/lib/krb4/klog.c
U trunk/src/lib/krb4/kuserok.c
U trunk/src/lib/krb4/log.c
U trunk/src/lib/krb4/put_svc_key.c
U trunk/src/lib/krb4/rd_svc_key.c
U trunk/src/lib/krb4/tf_shm.c
U trunk/src/lib/krb4/tf_util.c
U trunk/src/lib/krb4/win_store.c
U trunk/src/lib/krb5/ccache/cc_file.c
U trunk/src/lib/krb5/keytab/kt_file.c
U trunk/src/lib/krb5/keytab/kt_srvtab.c
U trunk/src/lib/krb5/os/kuserok.c
U trunk/src/lib/krb5/os/localaddr.c
U trunk/src/lib/krb5/os/prompter.c
U trunk/src/lib/krb5/os/sendto_kdc.c
U trunk/src/lib/krb5/rcache/rc_io.c
U trunk/src/lib/rpc/Makefile.in
U trunk/src/lib/rpc/get_myaddress.c
U trunk/src/lib/rpc/getrpcent.c
U trunk/src/lib/rpc/pmap_rmt.c
U trunk/src/lib/rpc/svc_tcp.c
U trunk/src/lib/rpc/svc_udp.c
U trunk/src/plugins/kdb/db2/adb_openclose.c
U trunk/src/plugins/kdb/db2/kdb_db2.c
U trunk/src/plugins/kdb/db2/libdb2/btree/Makefile.in
U trunk/src/plugins/kdb/db2/libdb2/btree/bt_open.c
U trunk/src/plugins/kdb/db2/libdb2/db/Makefile.in
U trunk/src/plugins/kdb/db2/libdb2/hash/Makefile.in
U trunk/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
U trunk/src/plugins/kdb/db2/libdb2/recno/Makefile.in
U trunk/src/plugins/kdb/db2/libdb2/recno/rec_open.c
U trunk/src/plugins/kdb/ldap/Makefile.in
U trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
U trunk/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
U trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
U trunk/src/plugins/locate/python/py-locate.c
U trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U trunk/src/plugins/preauth/pkinit/pkinit_lib.c
U trunk/src/util/profile/prof_file.c
U trunk/src/util/ss/list_rqs.c
U trunk/src/util/ss/pager.c
U trunk/src/util/support/threads.c
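
An added example, not code from this commit or from the krb5 tree: the two-step pattern the commit message describes (create the descriptor, then set close-on-exec in a separate call), with a check that a flagged descriptor is closed across fork+exec while a plain one is inherited. The helper names mark_cloexec, open_then_flag and fd_survives_exec are hypothetical, /dev/null is a constructed sample input, and a POSIX /bin/sh is assumed.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: add FD_CLOEXEC to a descriptor that already exists. */
static int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return (flags == -1) ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Two-step open: a fork+exec in another thread between open() and
 * mark_cloexec() still hands fd to the new program. */
static int open_then_flag(const char *path, int oflags)
{
    int fd = open(path, oflags);
    if (fd != -1 && mark_cloexec(fd) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Returns 1 if fd is still open in a program started by fork+exec, 0 if the
 * exec closed it, -1 on error. The child shell tries to duplicate fd. */
static int fd_survives_exec(int fd)
{
    char cmd[64];
    int status;
    snprintf(cmd, sizeof(cmd), "exec 2>/dev/null; : <&%d", fd);
    pid_t pid = fork();
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                       /* the exec itself failed */
    }
    if (pid == -1 || waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    int plain = open("/dev/null", O_RDONLY);              /* constructed input */
    int flagged = open_then_flag("/dev/null", O_RDONLY);
    printf("survives exec: plain=%d flagged=%d\n",
           fd_survives_exec(plain), fd_survives_exec(flagged));
    return 0;
}
```

Where open() accepts O_CLOEXEC (POSIX.1-2008), the flag is set in the same call that creates the descriptor, so there is no gap for a concurrent fork to land in.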