Try to use FD_CLOEXEC instead of mass-closing everywhere.

diff --git a/lib/mtio.c b/lib/mtio.c
index b594f0d..e4166f5 100644 (file)
--- a/lib/mtio.c
+++ b/lib/mtio.c
@@ -180,6 +180,7 @@ void ioloop(void)
     time_t now, timeout;
     
     epfd = epoll_create(128);
+    fcntl(epfd, F_SETFD, FD_CLOEXEC);
     for(bl = blockers; bl; bl = nbl) {
        nbl = bl->n;
        if(regfd(bl))

diff --git a/lib/proc.c b/lib/proc.c
index 8646434..2c05608 100644 (file)
--- a/lib/proc.c
+++ b/lib/proc.c
@@ -22,6 +22,7 @@
 #include <sys/socket.h>
 #include <errno.h>
 #include <ctype.h>
+#include <fcntl.h>
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -33,7 +34,6 @@
 
 int stdmkchild(char **argv, void (*chinit)(void *), void *idata)
 {
-    int i;
     pid_t pid;
     int fd[2];
     
@@ -44,17 +44,15 @@ int stdmkchild(char **argv, void (*chinit)(void *), void *idata)
     if(pid == 0) {
        if(chinit != NULL)
            chinit(idata);
-       for(i = 3; i < FD_SETSIZE; i++) {
-           if(i != fd[0])
-               close(i);
-       }
        dup2(fd[0], 0);
        close(fd[0]);
+       close(fd[1]);
        execvp(argv[0], argv);
        flog(LOG_WARNING, "could not exec child program %s: %s", argv[0], strerror(errno));
        exit(127);
     }
     close(fd[0]);
+    fcntl(fd[1], F_SETFD, FD_CLOEXEC);
     return(fd[1]);
 }
 
@@ -141,8 +139,7 @@ pid_t stdforkserve(char **argv, struct hthead *req, int fd, void (*chinit)(void
        
        dup2(fd, 0);
        dup2(fd, 1);
-       for(i = 3; i < FD_SETSIZE; i++)
-           close(i);
+       close(fd);
        
        bufinit(args);
        for(i = 0; argv[i]; i++)

diff --git a/lib/req.c b/lib/req.c
index 64944bf..a3e7273 100644 (file)
--- a/lib/req.c
+++ b/lib/req.c
@@ -23,6 +23,7 @@
 #include <errno.h>
 #include <ctype.h>
 #include <stdio.h>
+#include <fcntl.h>
 
 #ifdef HAVE_CONFIG_H
 #include <config.h>
@@ -254,6 +255,7 @@ int recvreq(int sock, struct hthead **reqp)
     if((fd = recvfd(sock, &buf.b, &buf.d)) < 0) {
        return(-1);
     }
+    fcntl(fd, F_SETFD, FD_CLOEXEC);
     buf.s = buf.d;
     p = buf.b;
     l = buf.d;

diff --git a/src/accesslog.c b/src/accesslog.c
index 5aa2574..02e5f1a 100644 (file)
--- a/src/accesslog.c
+++ b/src/accesslog.c
@@ -342,6 +342,7 @@ int main(int argc, char **argv)
            }
        }
     }
+    fcntl(fileno(out), F_SETFD, FD_CLOEXEC);
     if((ch = stdmkchild(argv + optind + 1, NULL, NULL)) < 0) {
        flog(LOG_ERR, "accesslog: could not fork child: %s", strerror(errno));
        exit(1);

diff --git a/src/plaintcp.c b/src/plaintcp.c
index cf46b29..321be41 100644 (file)
--- a/src/plaintcp.c
+++ b/src/plaintcp.c
@@ -22,6 +22,7 @@
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <fcntl.h>
 #include <errno.h>
 #include <string.h>
 
@@ -68,6 +69,7 @@ int listensock4(int port)
        close(fd);
        return(-1);
     }
+    fcntl(fd, F_SETFD, FD_CLOEXEC);
     return(fd);
 }
 
@@ -92,6 +94,7 @@ int listensock6(int port)
        close(fd);
        return(-1);
     }
+    fcntl(fd, F_SETFD, FD_CLOEXEC);
     return(fd);
 }
 

diff --git a/src/userplex.c b/src/userplex.c
index 3a2da87..b66490f 100644 (file)
--- a/src/userplex.c
+++ b/src/userplex.c
@@ -112,7 +112,7 @@ static int forkchild(char *usrnm)
 {
     struct passwd *pwd;
     pid_t pid;
-    int i, fd[2];
+    int fd[2];
     
     /* XXX: There should be a way for the child to report errors (like
      * 404 when htpub doesn't exist), but for now I don't bother with
@@ -126,17 +126,15 @@ static int forkchild(char *usrnm)
     if((pid = fork()) < 0)
        return(-1);
     if(pid == 0) {
-       for(i = 3; i < FD_SETSIZE; i++) {
-           if(i != fd[0])
-               close(i);
-       }
        dup2(fd[0], 0);
        close(fd[0]);
+       close(fd[1]);
        login(pwd);
        execchild(pwd);
        exit(127);
     }
     close(fd[0]);
+    fcntl(fd[1], F_SETFD, FD_CLOEXEC);
     return(fd[1]);
 }