Set CLOEXEC on listened/accepted sockets in the FPM children

Author: Mikhail Galanin

main/fastcgi.c

@@ -1423,6 +1423,10 @@ int fcgi_accept_request(fcgi_request *req)
 					return -1;
 				}
 
+				if (0 > fcntl(req->fd, F_SETFD, fcntl(req->fd, F_GETFD) | FD_CLOEXEC)) {
+					fcgi_log(FCGI_WARNING, "failed to change attribute of error_log");
+				}
+
 #ifdef _WIN32
 				break;
 #else

sapi/fpm/fpm/fpm_children.c

@@ -167,6 +167,25 @@ struct fpm_child_s *fpm_child_find(pid_t pid) /* {{{ */
 }
 /* }}} */
 
+static int fpm_child_cloexec(void)
+{
+	/* If PHP code invokes pcntl_fork()/exec(), we don't want the external programm to inherit the descriptor.
+		If the external process accidentally uses the socket it will likely break the communication */
+	int attrs = fcntl(fpm_globals.listening_socket, F_GETFD);
+	if (0 > attrs) {
+		zlog(ZLOG_WARNING, "failed to get attributes of listening socket, errno: %d", errno);
+		return -1;
+	}
+
+	/* set CLOEXEC to prevent the descriptor leaking to child processes */
+	if (0 > fcntl(fpm_globals.listening_socket, F_SETFD, attrs | FD_CLOEXEC)) {
+		zlog(ZLOG_WARNING, "failed to change attribute of listening socket");
+		return -1;
+	}
+
+	return 0;
+}
+
 static void fpm_child_init(struct fpm_worker_pool_s *wp) /* {{{ */
 {
 	fpm_globals.max_requests = wp->config->pm_max_requests;
@@ -178,7 +197,8 @@ static void fpm_child_init(struct fpm_worker_pool_s *wp) /* {{{ */
 	    0 > fpm_unix_init_child(wp)   ||
 	    0 > fpm_signals_init_child()  ||
 	    0 > fpm_env_init_child(wp)    ||
-	    0 > fpm_php_init_child(wp)) {
+	    0 > fpm_php_init_child(wp)    ||
+	    0 > fpm_child_cloexec()) {
 
 		zlog(ZLOG_ERROR, "[pool %s] child failed to initialize", wp->config->name);
 		exit(FPM_EXIT_SOFTWARE);