From cc66e34fbf93688112806b2c8280fe01e11b2485 Mon Sep 17 00:00:00 2001 From: dongjiuzhu1 Date: Thu, 12 Oct 2023 13:54:31 +0800 Subject: [PATCH] rexecd: avoid socket/pipe/socketpair dup to new task Signed-off-by: dongjiuzhu1 --- netutils/rexecd/rexecd.c | 2 +- system/popen/popen.c | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/netutils/rexecd/rexecd.c b/netutils/rexecd/rexecd.c index 1f6138e27..ddf4ca7d6 100644 --- a/netutils/rexecd/rexecd.c +++ b/netutils/rexecd/rexecd.c @@ -256,7 +256,7 @@ int main(int argc, FAR char **argv) while (1) { - sock = accept(serv, NULL, 0); + sock = accept4(serv, NULL, 0, SOCK_CLOEXEC); if (sock < 0) { if (errno == EINTR) diff --git a/system/popen/popen.c b/system/popen/popen.c index 8e09edcd0..05abcd20d 100644 --- a/system/popen/popen.c +++ b/system/popen/popen.c @@ -33,6 +33,7 @@ #include #include #include +#include #include "nshlib/nshlib.h" @@ -139,7 +140,8 @@ FILE *popen(FAR const char *command, FAR const char *mode) * Is the pipe the input to the shell? Or the output? */ - if (strcmp(mode, "r") == 0 && (result = pipe(fd)) >= 0) + if (strcmp(mode, "r") == 0 && + (result = pipe2(fd, O_CLOEXEC)) >= 0) { /* Pipe is the output from the shell */ @@ -147,7 +149,8 @@ FILE *popen(FAR const char *command, FAR const char *mode) newfd[0] = fd[1]; retfd = fd[0]; /* Use read side of the pipe to create the return stream */ } - else if (strcmp(mode, "w") == 0 && (result = pipe(fd)) >= 0) + else if (strcmp(mode, "w") == 0 && + (result = pipe2(fd, O_CLOEXEC)) >= 0) { /* Pipe is the input to the shell */ @@ -160,7 +163,8 @@ FILE *popen(FAR const char *command, FAR const char *mode) #if defined(CONFIG_NET_LOCAL) && defined(CONFIG_NET_LOCAL_STREAM) else if ((strcmp(mode, "r+") == 0 || strcmp(mode, "w+") == 0) && - (result = socketpair(AF_UNIX, SOCK_STREAM, 0, fd)) >= 0) + (result = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, + 0, fd)) >= 0) { /* Socketpair is the input/output to the shell */