diff options
Diffstat (limited to 'usr.sbin/relayd/check_script.c')
| -rw-r--r-- | usr.sbin/relayd/check_script.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/relayd/check_script.c b/usr.sbin/relayd/check_script.c index f11cb13f5eb..76c90ab4114 100644 --- a/usr.sbin/relayd/check_script.c +++ b/usr.sbin/relayd/check_script.c @@ -1,4 +1,4 @@ -/* $OpenBSD: check_script.c,v 1.7 2008/12/05 16:37:55 reyk Exp $ */ +/* $OpenBSD: check_script.c,v 1.8 2009/04/17 09:58:40 reyk Exp $ */ /* * Copyright (c) 2007, 2008 Reyk Floeter <reyk@openbsd.org> @@ -127,6 +127,13 @@ script_exec(struct relayd *env, struct ctl_script *scr) setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) fatal("script_exec: can't drop privileges"); + /* + * close fds before executing an external program, to + * prevent access to internal fds, eg. IMSG connections + * of internal processes. + */ + closefrom(STDERR_FILENO + 1); + execlp(file, file, arg, (char *)NULL); _exit(0); break; |