From d9bb336cfa276e2e2e44fdb6a25888de7d21bef3 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@cvs.openbsd.org>
Date: Fri, 29 Jan 2010 00:20:42 +0000
Subject: set FD_CLOEXEC on sock_in/sock_out; bz#1706 from jchadima AT
 redhat.com ok dtucker@

---
 usr.bin/ssh/sshd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 749d8c3d6c5..cb94be1ca36 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.371 2010/01/13 03:48:13 djm Exp $ */
+/* $OpenBSD: sshd.c,v 1.372 2010/01/29 00:20:41 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1640,6 +1640,10 @@ main(int ac, char **av)
 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
 	}
 
+	/* Executed child processes don't need these. */
+	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
+	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
 	 * key since we are no longer in a position to give it to anyone. We
-- 
cgit v1.2.3