From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202602 header.b=MHU2VSNL; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 8A53A5A026D for ; Mon, 18 May 2026 05:22:50 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202602; t=1779074566; bh=EG6752NV56PMdA1JBY6euyJ6wpZV39rO2SKe1duS3NY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=MHU2VSNLiTj+JNpspehrQKHqElzLza4lS6MVAHL0Kl0JOA8LizXEPeKBVQ7mduD/p dGGY7WFgAJhfmBvbzagh9zM/4FVkKrEe8ogBZ8BpzKL0lk6Zc/Ugn78NkJMXC+E4qm G1vYnRauYXq+mMeY6WqprTl9cuWT8svlojB9+0Ke/ecX9mutZuk+6SVtR7Zrq8OsmN bSf/MZzRuHZ499ZodeyOP7OOV9Ic5hvlGaWvfm0cyZNnTdRe3IFF5l8uiiosDuOmyl jEfENjLFN/qoW0kXK8jGkSpt7AK1C1jcz0RIUt8MIWB2t60nWnu+pPs+EAL/Tt9cQp GmbF4MXlvy1AQ== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4gJjmQ3kkvz4wJp; Mon, 18 May 2026 13:22:46 +1000 (AEST) From: David Gibson To: passt-dev@passt.top, Stefano Brivio Subject: [PATCH v2 1/3] treewide: Add SOCK_CLOEXEC to accept() calls that are missing it Date: Mon, 18 May 2026 13:22:41 +1000 Message-ID: <20260518032243.823768-2-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.54.0 In-Reply-To: <20260518032243.823768-1-david@gibson.dropbear.id.au> References: <20260518032243.823768-1-david@gibson.dropbear.id.au> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: 3XTU637LAWLM4BSWQGFT6P3MYZ7C4DYY X-Message-ID-Hash: 3XTU637LAWLM4BSWQGFT6P3MYZ7C4DYY X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Generally we try to set the O_CLOEXEC flag on every fd we create. This seems to be generally accepted security best practice these days, and we never exec(), so certainly have no need to pass fds to exec()ed processes. A handful of accept4() calls on Unix sockets are missing the SOCK_CLOEXEC flag to set this though. Add the missing flag. Signed-off-by: David Gibson --- repair.c | 5 +++-- tap.c | 4 ++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/repair.c b/repair.c index 69c53077..3e0e3e0a 100644 --- a/repair.c +++ b/repair.c @@ -87,7 +87,7 @@ int repair_listen_handler(struct ctx *c, uint32_t events) /* Another client is already connected: accept and close right away. */ if (c->fd_repair != -1) { int discard = accept4(c->fd_repair_listen, NULL, NULL, - SOCK_NONBLOCK); + SOCK_NONBLOCK | SOCK_CLOEXEC); if (discard == -1) return errno; @@ -99,7 +99,8 @@ int repair_listen_handler(struct ctx *c, uint32_t events) return EEXIST; } - if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL, 0)) < 0) { + if ((c->fd_repair = accept4(c->fd_repair_listen, NULL, NULL, + SOCK_CLOEXEC)) < 0) { rc = errno; debug_perror("accept4() on TCP_REPAIR helper listening socket"); return rc; diff --git a/tap.c b/tap.c index 0920a325..e7cac9df 100644 --- a/tap.c +++ b/tap.c @@ -1477,7 +1477,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events) /* Another client is already connected: accept and close right away. */ if (c->fd_tap != -1) { int discard = accept4(c->fd_tap_listen, NULL, NULL, - SOCK_NONBLOCK); + SOCK_NONBLOCK | SOCK_CLOEXEC); if (discard == -1) return; @@ -1490,7 +1490,7 @@ void tap_listen_handler(struct ctx *c, uint32_t events) return; } - c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, 0); + c->fd_tap = accept4(c->fd_tap_listen, NULL, NULL, SOCK_CLOEXEC); if (!getsockopt(c->fd_tap, SOL_SOCKET, SO_PEERCRED, &ucred, &len)) info("accepted connection from PID %i", ucred.pid); -- 2.54.0