git.tremily.us Git - krb5.git/commit

author	Ken Raeburn <raeburn@mit.edu>
	Mon, 22 Oct 2007 19:18:53 +0000 (19:18 +0000)
committer	Ken Raeburn <raeburn@mit.edu>
	Mon, 22 Oct 2007 19:18:53 +0000 (19:18 +0000)
commit	3d8fa6bb4012296a53fe04e486a9157a2963b644
tree	7c0f5dcc658ebd75d758024a21097af95d616e05	tree \| snapshot
parent	70e8d7a6c50bbdb547150eba0abdef46d93d5b71	commit \| diff

Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).

Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe.  In: util lib plugins kdc kadmin/server krb524.

The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.

This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them.  So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written.  (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)

Update dependencies.

ticket: 5561

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20143 dc483132-0cff-0310-8789-dd5450dbe970

src/include/k5-platform.h		diff \| blob \| history
src/kadmin/server/ovsec_kadmd.c		diff \| blob \| history
src/kdc/fakeka.c		diff \| blob \| history
src/kdc/network.c		diff \| blob \| history
src/krb524/krb524d.c		diff \| blob \| history
src/lib/crypto/prng.c		diff \| blob \| history
src/lib/kadm5/logger.c		diff \| blob \| history
src/lib/kadm5/srv/server_acl.c		diff \| blob \| history
src/lib/kadm5/srv/server_dict.c		diff \| blob \| history
src/lib/kdb/kdb_default.c		diff \| blob \| history
src/lib/krb4/Makefile.in		diff \| blob \| history
src/lib/krb4/dest_tkt.c		diff \| blob \| history
src/lib/krb4/g_cnffile.c		diff \| blob \| history
src/lib/krb4/in_tkt.c		diff \| blob \| history
src/lib/krb4/kadm_net.c		diff \| blob \| history
src/lib/krb4/klog.c		diff \| blob \| history
src/lib/krb4/kuserok.c		diff \| blob \| history
src/lib/krb4/log.c		diff \| blob \| history
src/lib/krb4/put_svc_key.c		diff \| blob \| history
src/lib/krb4/rd_svc_key.c		diff \| blob \| history
src/lib/krb4/tf_shm.c		diff \| blob \| history
src/lib/krb4/tf_util.c		diff \| blob \| history
src/lib/krb4/win_store.c		diff \| blob \| history
src/lib/krb5/ccache/cc_file.c		diff \| blob \| history
src/lib/krb5/keytab/kt_file.c		diff \| blob \| history
src/lib/krb5/keytab/kt_srvtab.c		diff \| blob \| history
src/lib/krb5/os/kuserok.c		diff \| blob \| history
src/lib/krb5/os/localaddr.c		diff \| blob \| history
src/lib/krb5/os/prompter.c		diff \| blob \| history
src/lib/krb5/os/sendto_kdc.c		diff \| blob \| history
src/lib/krb5/rcache/rc_io.c		diff \| blob \| history
src/lib/rpc/Makefile.in		diff \| blob \| history
src/lib/rpc/get_myaddress.c		diff \| blob \| history
src/lib/rpc/getrpcent.c		diff \| blob \| history
src/lib/rpc/pmap_rmt.c		diff \| blob \| history
src/lib/rpc/svc_tcp.c		diff \| blob \| history
src/lib/rpc/svc_udp.c		diff \| blob \| history
src/plugins/kdb/db2/adb_openclose.c		diff \| blob \| history
src/plugins/kdb/db2/kdb_db2.c		diff \| blob \| history
src/plugins/kdb/db2/libdb2/btree/Makefile.in		diff \| blob \| history
src/plugins/kdb/db2/libdb2/btree/bt_open.c		diff \| blob \| history
src/plugins/kdb/db2/libdb2/db/Makefile.in		diff \| blob \| history
src/plugins/kdb/db2/libdb2/hash/Makefile.in		diff \| blob \| history
src/plugins/kdb/db2/libdb2/mpool/Makefile.in		diff \| blob \| history
src/plugins/kdb/db2/libdb2/recno/Makefile.in		diff \| blob \| history
src/plugins/kdb/db2/libdb2/recno/rec_open.c		diff \| blob \| history
src/plugins/kdb/ldap/Makefile.in		diff \| blob \| history
src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c		diff \| blob \| history
src/plugins/kdb/ldap/libkdb_ldap/Makefile.in		diff \| blob \| history
src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c		diff \| blob \| history
src/plugins/locate/python/py-locate.c		diff \| blob \| history
src/plugins/preauth/pkinit/pkinit_crypto_openssl.c		diff \| blob \| history
src/plugins/preauth/pkinit/pkinit_lib.c		diff \| blob \| history
src/util/profile/prof_file.c		diff \| blob \| history
src/util/ss/list_rqs.c		diff \| blob \| history
src/util/ss/pager.c		diff \| blob \| history
src/util/support/threads.c		diff \| blob \| history