Hi, On Wed, Nov 23, 2016 at 11:20:18AM +0100, Gert Doering wrote: > The existing code can leak socket FDs to the "--up" script, which is > not desired. Brought up by Alberto Gonzalez Iniesta, based on debian > bug 367716.
I'm not sure if that patch is good enough yet.
Arne brought up "port-share" - where we fork processes, so it needs to
be ensured that whatever that process needs is still working.
In addition to that, we have "TCP server" processes, which create new
sockets not by calling socket() but by calling accept() on the listening
socket, which is not in one of thew set_cloexec() paths - but watch out,
*these* might be the ones needed for port-share.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany g...@greenie.muc.de
fax: +49-89-35655025 g...@net.informatik.tu-muenchen.de
signature.asc
Description: PGP signature
------------------------------------------------------------------------------
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
