Author: David Woodhouse Date: To: Stefan Fritsch CC: exim-dev Subject: Re: [exim-dev] Remote root vulnerability in Exim
On Sat, 2010-12-11 at 18:12 +0000, Stefan Fritsch wrote: > > Also, has the FD leak been addressed in an exim bug report at all? It
> > seems like a very sane thing to do also. There's no need for those to be
> > open to a running program.
>
> Maybe all relevant FDs should be marked with FD_CLOEXEC?
They mostly are already. We neglected to do that on the incoming SMTP
socket, for some reason. Fixed in the patch set I posted for review last
night.