---
doc/doc-txt/ChangeLog | 3 +++
src/src/daemon.c | 7 +++++++
2 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index cf30701..624e0a8 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -89,6 +89,9 @@ DW/24 Bugzilla 1044: CVE-2010-4345 - part three: remove ALT_CONFIG_ROOT_ONLY
DW/25 Add TRUSTED_CONFIG_PREFIX_FILE option to allow alternative configuration
files to be used while preserving root privileges.
+DW/26 Set FD_CLOEXEC on SMTP sockets after forking in the daemon, to ensure
+ that rogue child processes cannot use them.
+
Exim version 4.72
-----------------
diff --git a/src/src/daemon.c b/src/src/daemon.c
index 8e6d667..3db9be3 100644
--- a/src/src/daemon.c
+++ b/src/src/daemon.c
@@ -425,6 +425,13 @@ if (pid == 0)
for (i = 0; i < listen_socket_count; i++) (void)close(listen_sockets[i]);
+ /* Set FD_CLOEXEC on the SMTP socket. We don't want any rogue child processes
+ to be able to communicate with them, under any circumstances. */
+ (void)fcntl(accept_socket, F_SETFD,
+ fcntl(accept_socket, F_GETFD) | FD_CLOEXEC);
+ (void)fcntl(dup_accept_socket, F_SETFD,
+ fcntl(dup_accept_socket, F_GETFD) | FD_CLOEXEC);
+
#ifdef SA_NOCLDWAIT
act.sa_handler = SIG_IGN;
sigemptyset(&(act.sa_mask));
--
1.7.3.2