set FD_CLOEXEC on opened file descriptors

3 files changed, 20 insertions, 12 deletions

diff --git a/accel-pppd/ctrl/l2tp/l2tp.c b/accel-pppd/ctrl/l2tp/l2tp.c
index ea99b820..fd74c2e8 100644
--- a/accel-pppd/ctrl/l2tp/l2tp.c
+++ b/accel-pppd/ctrl/l2tp/l2tp.c
@@ -244,6 +244,8 @@ static int l2tp_tunnel_alloc(struct l2tp_serv_t *serv, struct l2tp_packet_t *pac
 		mempool_free(conn);
 		return -1;
 	}
+	
+	fcntl(conn->hnd.fd, F_SETFD, fcntl(conn->hnd.fd, F_GETFD) | FD_CLOEXEC);
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sin_family = AF_INET;
@@ -358,6 +360,8 @@ static int l2tp_connect(struct l2tp_conn_t *conn)
 		log_ppp_error("l2tp: socket(AF_PPPOX): %s\n", strerror(errno));
 		return -1;
 	}
+	
+	fcntl(conn->tunnel_fd, F_SETFD, fcntl(conn->tunnel_fd, F_GETFD) | FD_CLOEXEC);
 
 	conn->ppp.fd = socket(AF_PPPOX, SOCK_DGRAM, PX_PROTO_OL2TP);
 	if (!conn->ppp.fd) {
@@ -366,6 +370,8 @@ static int l2tp_connect(struct l2tp_conn_t *conn)
 		log_ppp_error("l2tp: socket(AF_PPPOX): %s\n", strerror(errno));
 		return -1;
 	}
+	
+	fcntl(conn->ppp.fd, F_SETFD, fcntl(conn->ppp.fd, F_GETFD) | FD_CLOEXEC);
 
 	if (connect(conn->tunnel_fd, (struct sockaddr *)&pppox_addr, sizeof(pppox_addr)) < 0) {
 		log_ppp_error("l2tp: connect(tunnel): %s\n", strerror(errno));
@@ -1043,6 +1049,8 @@ static void start_udp_server(void)
 		log_emerg("l2tp: socket: %s\n", strerror(errno));
 		return;
 	}
+	
+	fcntl(udp_serv.hnd.fd, F_SETFD, fcntl(udp_serv.hnd.fd, F_GETFD) | FD_CLOEXEC);
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sin_family = AF_INET;
diff --git a/accel-pppd/ctrl/pppoe/pppoe.c b/accel-pppd/ctrl/pppoe/pppoe.c
index a32c8f51..3742c870 100644
--- a/accel-pppd/ctrl/pppoe/pppoe.c
+++ b/accel-pppd/ctrl/pppoe/pppoe.c
@@ -305,6 +305,8 @@ static void connect_channel(struct pppoe_conn_t *conn)
 		log_error("pppoe: socket(PPPOX): %s\n", strerror(errno));
 		goto out_err;
 	}
+	
+	fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC);
 
 	memset(&sp, 0, sizeof(sp));
 
@@ -1155,6 +1157,8 @@ void pppoe_server_start(const char *opt, void *cli)
 		_free(serv);
 		return;
 	}
+	
+	fcntl(sock, F_SETFD, fcntl(sock, F_GETFD) | FD_CLOEXEC);
 
 	if (setsockopt(sock, SOL_SOCKET, SO_BROADCAST, &f, sizeof(f))) {
 		if (cli)
@@ -1322,23 +1326,13 @@ void __export pppoe_get_stat(unsigned int **starting, unsigned int **active)
 
 static int init_secret(struct pppoe_serv_t *serv)
 {
-	int fd;
 	DES_cblock key;
 
-	fd = open("/dev/urandom", O_RDONLY);
-	if (fd < 0) {
-		log_emerg("pppoe: cann't open /dev/urandom: %s\n", strerror(errno));
-		return -1;
-	}
-
-	if (read(fd, serv->secret, SECRET_LENGTH) < 0) {
+	if (read(urandom_fd, serv->secret, SECRET_LENGTH) < 0) {
 		log_emerg("pppoe: faild to read /dev/urandom\n", strerror(errno));
-		close(fd);
 		return -1;
 	}
 
-	close(fd);
-
 	memset(key, 0, sizeof(key));
 	DES_random_key(&key);
 	DES_set_key(&key, &serv->des_ks);
diff --git a/accel-pppd/ctrl/pptp/pptp.c b/accel-pppd/ctrl/pptp/pptp.c
index 715a77b0..b9930f39 100644
--- a/accel-pppd/ctrl/pptp/pptp.c
+++ b/accel-pppd/ctrl/pptp/pptp.c
@@ -298,6 +298,9 @@ static int pptp_out_call_rqst(struct pptp_conn_t *conn)
 		log_ppp_error("failed to create PPTP socket (%s)\n", strerror(errno));
 		return -1;
 	}
+
+	fcntl(pptp_sock, F_SETFD, fcntl(pptp_sock, F_GETFD) | FD_CLOEXEC);
+
 	if (bind(pptp_sock, (struct sockaddr*)&src_addr, sizeof(src_addr))) {
 		log_ppp_error("failed to bind PPTP socket (%s)\n", strerror(errno));
 		close(pptp_sock);
@@ -741,7 +744,10 @@ static void pptp_init(void)
     log_emerg("pptp: failed to create server socket: %s\n", strerror(errno));
     return;
   }
-  addr.sin_family = AF_INET;
+	
+	fcntl(serv.hnd.fd, F_SETFD, fcntl(serv.hnd.fd, F_GETFD) | FD_CLOEXEC);
+  
+	addr.sin_family = AF_INET;
   addr.sin_port = htons(PPTP_PORT);
 
 	opt = conf_get_opt("pptp", "bind");