From 6dfbb9aaf339f56d4415c3b8b49638b2cd6e1b75 Mon Sep 17 00:00:00 2001
From: Allan Saddi <allan@saddi.com>
Date: Tue, 27 Jun 2006 18:53:04 +0000
Subject: Set close-on-exec flag on all server sockets.

---
 ChangeLog                     |  5 +++++
 flup/server/preforkserver.py  | 16 ++++++++++++++++
 flup/server/threadedserver.py | 14 ++++++++++++++
 3 files changed, 35 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 0e74e0b..5361be4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-06-27  Allan Saddi  <asaddi@kalahari.flup.org>
+
+	* Set close-on-exec flag on all server sockets. Thanks to
+	  Ralf Schmitt for reporting the problem.
+
 2006-06-18  Allan Saddi  <asaddi@europa.saddi.net>
 
 	* Stop ignoring EPIPE exceptions, as this is probably the
diff --git a/flup/server/preforkserver.py b/flup/server/preforkserver.py
index a544f47..d7c4bf4 100644
--- a/flup/server/preforkserver.py
+++ b/flup/server/preforkserver.py
@@ -53,6 +53,15 @@ if not hasattr(socket, 'socketpair'):
 
     socket.socketpair = socketpair
 
+try:
+    import fcntl
+except ImportError:
+    def setCloseOnExec(sock):
+        pass
+else:
+    def setCloseOnExec(sock):
+        fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+
 class PreforkServer(object):
     """
     A preforked server model conceptually similar to Apache httpd(2). At
@@ -102,6 +111,9 @@ class PreforkServer(object):
         # Don't want operations on main socket to block.
         sock.setblocking(0)
 
+        # Set close-on-exec
+        setCloseOnExec(sock)
+        
         # Main loop.
         while self._keepGoing:
             # Maintain minimum number of children.
@@ -255,7 +267,9 @@ class PreforkServer(object):
         # the parent and its children.
         parent, child = socket.socketpair()
         parent.setblocking(0)
+        setCloseOnExec(parent)
         child.setblocking(0)
+        setCloseOnExec(child)
         try:
             pid = os.fork()
         except OSError, e:
@@ -317,6 +331,8 @@ class PreforkServer(object):
                     continue
                 raise
 
+            setCloseOnExec(clientSock)
+            
             # Check if this client is allowed.
             if not self._isClientAllowed(addr):
                 clientSock.close()
diff --git a/flup/server/threadedserver.py b/flup/server/threadedserver.py
index 60c1bfa..c2d0e04 100644
--- a/flup/server/threadedserver.py
+++ b/flup/server/threadedserver.py
@@ -34,6 +34,15 @@ import errno
 
 from threadpool import ThreadPool
 
+try:
+    import fcntl
+except ImportError:
+    def setCloseOnExec(sock):
+        pass
+else:
+    def setCloseOnExec(sock):
+        fcntl.fcntl(sock.fileno(), fcntl.F_SETFD, fcntl.FD_CLOEXEC)
+
 __all__ = ['ThreadedServer']
 
 class ThreadedServer(object):
@@ -54,6 +63,9 @@ class ThreadedServer(object):
         self._hupReceived = False
         self._installSignalHandlers()
 
+        # Set close-on-exec
+        setCloseOnExec(sock)
+        
         # Main loop.
         while self._keepGoing:
             try:
@@ -71,6 +83,8 @@ class ThreadedServer(object):
                         continue
                     raise
 
+                setCloseOnExec(clientSock)
+                
                 if not self._isClientAllowed(addr):
                     clientSock.close()
                     continue
-- 
cgit v1.2.1