Mercurial > dovecot > original-hg > dovecot-1.2

changeset 8881:774b0e8138bd HEAD

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Call closelog() before dup2()ing fds.
author Timo Sirainen <tss@iki.fi>
date Wed, 01 Apr 2009 12:48:17 -0400
parents 709128511fd5
children 9f3968f49ceb
files src/master/auth-process.c src/master/dict-process.c src/master/login-process.c src/master/mail-process.c
diffstat 4 files changed, 29 insertions(+), 29 deletions(-) [+]
line wrap: on
line diff
--- a/src/master/auth-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/auth-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -576,6 +576,10 @@
 	(void)close(fd[0]);
 	(void)close(fd[1]);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdout to /dev/null, so anything written into it gets ignored. */
 	if (dup2(null_fd, 1) < 0)
 		i_fatal("dup2(stdout) failed: %m");
@@ -603,10 +607,6 @@
 	env_put(t_strdup_printf("AUTH_WORKER_MAX_COUNT=%u",
 				group->set->worker_max_count));
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
-
 	executable = group->set->executable;
 	client_process_exec(executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
@@ -649,6 +649,10 @@
 				 process->group->set->name);
 	log_set_prefix(log, prefix);
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -669,10 +673,6 @@
 	child_process_init_env();
         auth_set_environment(process->group->set);
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
-
 	executable = t_strconcat(process->group->set->executable, " -w", NULL);
 	client_process_exec(executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
--- a/src/master/dict-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/dict-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -78,6 +78,10 @@
 	}
 	log_set_prefix(log, "master-dict: ");
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	/* set stdin and stdout to /dev/null, so anything written into it
 	   gets ignored. */
 	if (dup2(null_fd, 0) < 0)
@@ -109,10 +113,6 @@
 	for (i = 0; i < count; i += 2)
 		env_put(t_strdup_printf("DICT_%s=%s", dicts[i], dicts[i+1]));
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
-
 	executable = PKG_LIBEXECDIR"/dict";
 	client_process_exec(executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m", executable);
--- a/src/master/login-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/login-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -707,6 +707,10 @@
 			dup2_append(&dups, listens[i].fd, cur_fd);
 	}
 
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
+	closelog();
+
 	if (dup2_array(&dups) < 0)
 		i_fatal("Failed to dup2() fds");
 
@@ -724,10 +728,6 @@
 
 	restrict_process_size(group->set->login_process_size, (unsigned int)-1);
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
-	closelog();
-
 	client_process_exec(group->set->login_executable, "");
 	i_fatal_status(FATAL_EXEC, "execv(%s) failed: %m",
 		       group->set->login_executable);
--- a/src/master/mail-process.c	Wed Apr 01 11:42:56 2009 -0400
+++ b/src/master/mail-process.c	Wed Apr 01 12:48:17 2009 -0400
@@ -758,17 +758,6 @@
 
 	child_process_init_env();
 
-	/* move the client socket into stdin and stdout fds, log to stderr */
-	if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
-		i_fatal("dup2(stdin) failed: %m");
-	if (dup2(request->fd, 1) < 0)
-		i_fatal("dup2(stdout) failed: %m");
-	if (dup2(log_fd, 2) < 0)
-		i_fatal("dup2(stderr) failed: %m");
-
-	for (i = 0; i < 3; i++)
-		fd_close_on_exec(i, FALSE);
-
 	/* setup environment - set the most important environment first
 	   (paranoia about filling up environment without noticing) */
 	restrict_access_set_env(system_groups_user, uid, gid,
@@ -900,10 +889,21 @@
 		i_snprintf(title, sizeof(title), "[%s %s]", user, addr);
 	}
 
-	/* make sure we don't leak syslog fd, but do it last so that
-	   any errors above will be logged */
+	/* make sure we don't leak syslog fd. try to do it as late as possible,
+	   but also before dup2()s in case syslog fd is one of them. */
 	closelog();
 
+	/* move the client socket into stdin and stdout fds, log to stderr */
+	if (dup2(dump_capability ? null_fd : request->fd, 0) < 0)
+		i_fatal("dup2(stdin) failed: %m");
+	if (dup2(request->fd, 1) < 0)
+		i_fatal("dup2(stdout) failed: %m");
+	if (dup2(log_fd, 2) < 0)
+		i_fatal("dup2(stderr) failed: %m");
+
+	for (i = 0; i < 3; i++)
+		fd_close_on_exec(i, FALSE);
+
 	if (set->mail_drop_priv_before_exec) {
 		restrict_access_by_env(TRUE);
 		/* privileged GID is now only in saved-GID. if we want to