listen_for_commands: stop leaking the control socket to forked procs

A tiling window manager

All the exec'ed processes would get copies of the control socket
descriptors, because of the default UNIX semantics of fd inherit across
execv(). This was easily seen on my system where an 'lsof' revealed
that all my terminals and shells had a copy.

To fix this we add the SOCK_CLOEXEC flag whilst opening the listener
socket(), avoiding this problem. We also need to set CLOEXEC on the
socket returned by accept():

"accept() ... extracts the first connection request on the queue of
pending connections ... creates a new connected socket, and returns a
new file descriptor"

The new descriptor does not inherit CLOEXEC flag from the listener.

The "bar" descriptor already handles this by setting O_CLOEXEC in its
own open() call on the FIFO.

authored by

Scott Mcdermott and committed by jcs.org 2 years ago 50c06359 336e5abe

+6 -1

1 changed file

expand all

communications.c

+6 -1

communications.c

··· 52 52 struct sockaddr_un sun; 53 53 54 54 if ((rp_glob_screen.control_socket_fd = socket(AF_UNIX, 55 - SOCK_STREAM | SOCK_NONBLOCK, 0)) == -1) 55 + SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, 0)) == -1) 56 56 err(1, "socket"); 57 57 58 58 if (strlen(rp_glob_screen.control_socket_path) >= sizeof(sun.sun_path)) ··· 263 263 264 264 if ((cl = accept(rp_glob_screen.control_socket_fd, NULL, NULL)) == -1) { 265 265 warn("accept"); 266 + return; 267 + } 268 + if ((fcntl(cl, F_SETFD, FD_CLOEXEC)) == -1) { 269 + warn("cloexec"); 270 + close(cl); 266 271 return; 267 272 } 268 273