Avoid passing control unix socket descriptors to children (#2656)

Add SOCK_CLOEXEC flags to server side connection FDs to make them
closed during execve(2).
This commit is contained in:
Mykola Perehudov 2023-07-06 12:39:02 +03:00 committed by GitHub
parent 8407a9af0a
commit 0c974b7236
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 4 deletions

View file

@ -1305,7 +1305,7 @@ int hyprCtlFDTick(int fd, uint32_t mask, void* data) {
sockaddr_in clientAddress; sockaddr_in clientAddress;
socklen_t clientSize = sizeof(clientAddress); socklen_t clientSize = sizeof(clientAddress);
const auto ACCEPTEDCONNECTION = accept(HyprCtl::iSocketFD, (sockaddr*)&clientAddress, &clientSize); const auto ACCEPTEDCONNECTION = accept4(HyprCtl::iSocketFD, (sockaddr*)&clientAddress, &clientSize, SOCK_CLOEXEC);
char readBuffer[1024]; char readBuffer[1024];
@ -1336,7 +1336,7 @@ int hyprCtlFDTick(int fd, uint32_t mask, void* data) {
void HyprCtl::startHyprCtlSocket() { void HyprCtl::startHyprCtlSocket() {
iSocketFD = socket(AF_UNIX, SOCK_STREAM, 0); iSocketFD = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (iSocketFD < 0) { if (iSocketFD < 0) {
Debug::log(ERR, "Couldn't start the Hyprland Socket. (1) IPC will not work."); Debug::log(ERR, "Couldn't start the Hyprland Socket. (1) IPC will not work.");

View file

@ -60,7 +60,7 @@ int fdHandleWrite(int fd, uint32_t mask, void* data) {
void CEventManager::startThread() { void CEventManager::startThread() {
m_tThread = std::thread([&]() { m_tThread = std::thread([&]() {
const auto SOCKET = socket(AF_UNIX, SOCK_STREAM, 0); const auto SOCKET = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (SOCKET < 0) { if (SOCKET < 0) {
Debug::log(ERR, "Couldn't start the Hyprland Socket 2. (1) IPC will not work."); Debug::log(ERR, "Couldn't start the Hyprland Socket 2. (1) IPC will not work.");
@ -82,7 +82,7 @@ void CEventManager::startThread() {
Debug::log(LOG, "Hypr socket 2 started at %s", socketPath.c_str()); Debug::log(LOG, "Hypr socket 2 started at %s", socketPath.c_str());
while (1) { while (1) {
const auto ACCEPTEDCONNECTION = accept(SOCKET, (sockaddr*)&clientAddress, &clientSize); const auto ACCEPTEDCONNECTION = accept4(SOCKET, (sockaddr*)&clientAddress, &clientSize, SOCK_CLOEXEC);
if (ACCEPTEDCONNECTION > 0) { if (ACCEPTEDCONNECTION > 0) {
// new connection! // new connection!