On Mon, Nov 21, 2016 at 03:37:45PM +0100, David Sommerseth wrote: > On 21/11/16 14:32, Samuli Seppänen wrote: > > Il 21/11/2016 11:10, Alberto Gonzalez Iniesta ha scritto: > >> Hi, > >> > >> I'm preparing an upload to Debian Experimental of 2.4-beta1 in > >> order to get the maximum exposition as possible. In the meantime > >> I'd like to know your opinion on the following patch that I've > >> been applying to Debian's package for some years: > >> https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=367716;filename=openvpn_367716.diff;msg=10 > >> > >> > Fixing this: > >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=367716 > >> > >> Thanks, > >> > >> Alberto > > > > That bug report is mighty old, from 2008. I wonder if the problem > > still persists at all? > > I hope at least Arne can chime in on this one, as he has done > tremendous work on the socket code. And I'd be surprised if this > patch applies cleanly on top of our master branch.
No, I doesn't. But I updated it to 2.4. Find it attached. > Yes, it's an old issue. But from my brief 3 minutes look at socket.c, > I'd say it looks like to me this is still needed. The explanation in > the patch makes sense. Yep, I think it's still needed. Regards, Alberto > ------------------------------------------------------------------------------ > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- Alberto Gonzalez Iniesta | Formación, consultoría y soporte técnico mailto/sip: a...@inittab.org | en GNU/Linux y software libre Encrypted mail preferred | http://inittab.com Key fingerprint = 5347 CBD8 3E30 A9EB 4D7D 4BF2 009B 3375 6B9A AA55
Description: Set socket's FD_CLOEXEC flag before calling up script Moving the set_cloexec() call from link_socket_init_phase2() to link_socket_init_phase1(). Author: Julien Cristau <jcris...@debian.org> Bug-Debian: http://bugs.debian.org/367716 Index: openvpn/src/openvpn/socket.c =================================================================== --- openvpn.orig/src/openvpn/socket.c 2016-11-21 09:58:03.562096178 +0100 +++ openvpn/src/openvpn/socket.c 2016-11-21 10:01:20.143091482 +0100 @@ -1625,6 +1625,10 @@ } resolve_remote (sock, 1, NULL, NULL); } + + /* set socket file descriptor to not pass across execs, so that + scripts don't have access to it */ + set_cloexec (sock->sd); } static @@ -1677,10 +1681,6 @@ /* set socket to non-blocking mode */ set_nonblock (sock->sd); - /* set socket file descriptor to not pass across execs, so that - scripts don't have access to it */ - set_cloexec (sock->sd); - if (socket_defined (sock->ctrl_sd)) set_cloexec (sock->ctrl_sd);
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
