Fixed issue #1484: Use FD_CLOEXEC to prevent debugging FDs from leaki…

…ng to forked processes
xdebug · Oct 27, 2017 · 0734ec1 · 0734ec1
1 parent 4201879
commit 0734ec1
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/xdebug_com.c b/xdebug_com.c
@@ -73,6 +73,11 @@ static int xdebug_create_socket_unix(const char *path TSRMLS_DC)
 		return (errno == EACCES) ? SOCK_ACCESS_ERR : SOCK_ERR;
 	}
 
+	/* Prevent the socket from being inherited by exec'd children */
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) < 0) {
+		XDEBUG_LOG_PRINT(XG(remote_log_file), "W: Creating socket for 'unix://%s', fcntl(FD_CLOEXEC): %s.\n", path, strerror(errno));
+	}
+
 	return sockfd;
 }
 #endif
@@ -157,6 +162,13 @@ int xdebug_create_socket(const char *hostname, int dport TSRMLS_DC)
 		fcntl(sockfd, F_SETFL, O_NONBLOCK);
 #endif
 
+#if !WIN32 && !WINNT
+		/* Prevent the socket from being inherited by exec'd children on *nix (not necessary on Win) */
+	        if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) < 0) {
+        	        XDEBUG_LOG_PRINT(XG(remote_log_file), "W: Creating socket for '%s:%d', fcntl(FD_CLOEXEC): %s.\n", hostname, dport, strerror(errno));
+        	}
+#endif
+
 		/* Try to connect to the newly created socket */
 		/* Worth noting is that the port is set in the getaddrinfo call before */
 		status = connect(sockfd, ptr->ai_addr, ptr->ai_addrlen);