From 0c974b72365ffaa69d52ee39944f61709b9e1a81 Mon Sep 17 00:00:00 2001
From: Mykola Perehudov <nexec@users.noreply.github.com>
Date: Thu, 6 Jul 2023 12:39:02 +0300
Subject: [PATCH] Avoid passing control unix socket descriptors to children
 (#2656)

Add SOCK_CLOEXEC flags to server side connection FDs to make them
closed during execve(2).
---
 src/debug/HyprCtl.cpp         | 4 ++--
 src/managers/EventManager.cpp | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/debug/HyprCtl.cpp b/src/debug/HyprCtl.cpp
index 58099bc8..c7a5e41c 100644
--- a/src/debug/HyprCtl.cpp
+++ b/src/debug/HyprCtl.cpp
@@ -1305,7 +1305,7 @@ int hyprCtlFDTick(int fd, uint32_t mask, void* data) {
     sockaddr_in clientAddress;
     socklen_t   clientSize = sizeof(clientAddress);
 
-    const auto  ACCEPTEDCONNECTION = accept(HyprCtl::iSocketFD, (sockaddr*)&clientAddress, &clientSize);
+    const auto  ACCEPTEDCONNECTION = accept4(HyprCtl::iSocketFD, (sockaddr*)&clientAddress, &clientSize, SOCK_CLOEXEC);
 
     char        readBuffer[1024];
 
@@ -1336,7 +1336,7 @@ int hyprCtlFDTick(int fd, uint32_t mask, void* data) {
 
 void HyprCtl::startHyprCtlSocket() {
 
-    iSocketFD = socket(AF_UNIX, SOCK_STREAM, 0);
+    iSocketFD = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
 
     if (iSocketFD < 0) {
         Debug::log(ERR, "Couldn't start the Hyprland Socket. (1) IPC will not work.");
diff --git a/src/managers/EventManager.cpp b/src/managers/EventManager.cpp
index 9d55f423..51532454 100644
--- a/src/managers/EventManager.cpp
+++ b/src/managers/EventManager.cpp
@@ -60,7 +60,7 @@ int fdHandleWrite(int fd, uint32_t mask, void* data) {
 
 void CEventManager::startThread() {
     m_tThread = std::thread([&]() {
-        const auto SOCKET = socket(AF_UNIX, SOCK_STREAM, 0);
+        const auto SOCKET = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
 
         if (SOCKET < 0) {
             Debug::log(ERR, "Couldn't start the Hyprland Socket 2. (1) IPC will not work.");
@@ -82,7 +82,7 @@ void CEventManager::startThread() {
         Debug::log(LOG, "Hypr socket 2 started at %s", socketPath.c_str());
 
         while (1) {
-            const auto ACCEPTEDCONNECTION = accept(SOCKET, (sockaddr*)&clientAddress, &clientSize);
+            const auto ACCEPTEDCONNECTION = accept4(SOCKET, (sockaddr*)&clientAddress, &clientSize, SOCK_CLOEXEC);
 
             if (ACCEPTEDCONNECTION > 0) {
                 // new connection!