svn rev #20143: trunk/src/ include/ kadmin/server/ kdc/ krb524/ lib/crypto/ lib/kadm5/ ...

raeburn@MIT.EDU raeburn at MIT.EDU
Mon Oct 22 15:19:05 EDT 2007


Commit By: raeburn
Log Message: 
ticket: 5561

Set close-on-exec flag in most places where file descriptors are
opened in our libraries (in case another application thread spawns a
new process) and in the KDC programs (in case a plugin library spawns
a new process).

Checked calls to: open fopen THREEPARAMOPEN mkstemp socket accept dup
dup2 pipe.  In: util lib plugins kdc kadmin/server krb524.

The various programs are less critical than the libraries, as any
well-written plugin that spawns a new process should close all file
descriptors it doesn't need to communicate with the new process.

This approach also isn't bulletproof, as the call to set the
close-on-exec flag is necessarily a separate call from creating the
file descriptor, and the fork call could happen in between them.  So
plugins should be careful regardless of this patch; it will only
reduce the window of potential lossage should a plugin be poorly
written.  (AFAIK there are currently no plugins that spawn processes
where this would be a problem.)

Update dependencies.



Changed Files:
U   trunk/src/include/k5-platform.h
U   trunk/src/kadmin/server/ovsec_kadmd.c
U   trunk/src/kdc/fakeka.c
U   trunk/src/kdc/network.c
U   trunk/src/krb524/krb524d.c
U   trunk/src/lib/crypto/prng.c
U   trunk/src/lib/kadm5/logger.c
U   trunk/src/lib/kadm5/srv/server_acl.c
U   trunk/src/lib/kadm5/srv/server_dict.c
U   trunk/src/lib/kdb/kdb_default.c
U   trunk/src/lib/krb4/Makefile.in
U   trunk/src/lib/krb4/dest_tkt.c
U   trunk/src/lib/krb4/g_cnffile.c
U   trunk/src/lib/krb4/in_tkt.c
U   trunk/src/lib/krb4/kadm_net.c
U   trunk/src/lib/krb4/klog.c
U   trunk/src/lib/krb4/kuserok.c
U   trunk/src/lib/krb4/log.c
U   trunk/src/lib/krb4/put_svc_key.c
U   trunk/src/lib/krb4/rd_svc_key.c
U   trunk/src/lib/krb4/tf_shm.c
U   trunk/src/lib/krb4/tf_util.c
U   trunk/src/lib/krb4/win_store.c
U   trunk/src/lib/krb5/ccache/cc_file.c
U   trunk/src/lib/krb5/keytab/kt_file.c
U   trunk/src/lib/krb5/keytab/kt_srvtab.c
U   trunk/src/lib/krb5/os/kuserok.c
U   trunk/src/lib/krb5/os/localaddr.c
U   trunk/src/lib/krb5/os/prompter.c
U   trunk/src/lib/krb5/os/sendto_kdc.c
U   trunk/src/lib/krb5/rcache/rc_io.c
U   trunk/src/lib/rpc/Makefile.in
U   trunk/src/lib/rpc/get_myaddress.c
U   trunk/src/lib/rpc/getrpcent.c
U   trunk/src/lib/rpc/pmap_rmt.c
U   trunk/src/lib/rpc/svc_tcp.c
U   trunk/src/lib/rpc/svc_udp.c
U   trunk/src/plugins/kdb/db2/adb_openclose.c
U   trunk/src/plugins/kdb/db2/kdb_db2.c
U   trunk/src/plugins/kdb/db2/libdb2/btree/Makefile.in
U   trunk/src/plugins/kdb/db2/libdb2/btree/bt_open.c
U   trunk/src/plugins/kdb/db2/libdb2/db/Makefile.in
U   trunk/src/plugins/kdb/db2/libdb2/hash/Makefile.in
U   trunk/src/plugins/kdb/db2/libdb2/mpool/Makefile.in
U   trunk/src/plugins/kdb/db2/libdb2/recno/Makefile.in
U   trunk/src/plugins/kdb/db2/libdb2/recno/rec_open.c
U   trunk/src/plugins/kdb/ldap/Makefile.in
U   trunk/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/Makefile.in
U   trunk/src/plugins/kdb/ldap/libkdb_ldap/ldap_service_stash.c
U   trunk/src/plugins/locate/python/py-locate.c
U   trunk/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
U   trunk/src/plugins/preauth/pkinit/pkinit_lib.c
U   trunk/src/util/profile/prof_file.c
U   trunk/src/util/ss/list_rqs.c
U   trunk/src/util/ss/pager.c
U   trunk/src/util/support/threads.c
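
The two-step pattern the log message describes, next to the atomic forms that close its race window, as an added example (not code from this commit or from MIT krb5). The helper names are hypothetical, and O_CLOEXEC and F_DUPFD_CLOEXEC are POSIX.1-2008 features the commit does not mention; /dev/null is used as a constructed sample file.

```c
/* Added example, not MIT krb5 code; all helper names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_CLOEXEC and F_DUPFD_CLOEXEC */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if exec would close fd, 0 if it would be inherited, -1 on error. */
static int is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Second step of the two-step pattern: keep other fd flags, add FD_CLOEXEC. */
static int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Two-step open: create the descriptor, then flag it in a separate call. */
static int open_twostep(const char *path, int oflags) {
    int fd = open(path, oflags);
    if (fd == -1) return -1;
    /* Race window: a fork+exec in another thread here still inherits fd. */
    if (set_cloexec(fd) == -1) { close(fd); return -1; }
    return fd;
}

/* Atomic form: the kernel sets the flag while creating the descriptor. */
static int open_atomic(const char *path, int oflags) {
    return open(path, oflags | O_CLOEXEC);
}

/* dup() returns a descriptor with FD_CLOEXEC cleared; this variant sets it. */
static int dup_cloexec(int fd) {
    return fcntl(fd, F_DUPFD_CLOEXEC, 0);
}

int main(void) {
    int a = open_twostep("/dev/null", O_RDONLY), b = open_atomic("/dev/null", O_RDONLY);
    int c = dup(b), d = dup_cloexec(b);
    printf("twostep=%d atomic=%d dup=%d dup_cloexec=%d\n",
           is_cloexec(a), is_cloexec(b), is_cloexec(c), is_cloexec(d));
    return 0;
}
```

The plain dup() of an already-flagged descriptor reports 0, so a duplicate needs its own flag even when the original was opened with close-on-exec set.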


