Revision bump to distribute a fix that closes all file descriptors except stdin, stdout and stderr when using the /exec command. This stops child processes from having access to our network sockets and open log files. Closes bug #83683.

(Portage version: 2.0.51.19)

2 files changed, 38 insertions, 0 deletions

diff --git a/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch b/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch
new file mode 100644
index 000000000000..598cfb1cf37b
--- /dev/null
+++ b/net-irc/xchat/files/2.4.1-close-fds-on-exec.patch
@@ -0,0 +1,38 @@
+--- src/common/util.c	28 Feb 2005 10:37:38 -0000	1.36
++++ src/common/util.c	4 Mar 2005 11:27:21 -0000	1.37
+@@ -1216,6 +1216,7 @@
+ 	int pid;
+ 	char **argv;
+ 	int argc;
++	int fd;
+ 
+ 	if (my_poptParseArgvString (cmd, &argc, &argv) != 0)
+ 		return -1;
+@@ -1226,6 +1227,8 @@
+ 		return -1;
+ 	if (pid == 0)
+ 	{
++		/* Now close all open file descriptors except stdin, stdout and stderr */
++		for (fd = 3; fd < 1024; fd++) close(fd);
+ 		execvp (argv[0], argv);
+ 		_exit (0);
+ 	} else
+--- src/common/outbound.c	26 Feb 2005 08:05:33 -0000	1.73
++++ src/common/outbound.c	4 Mar 2005 11:27:21 -0000	1.74
+@@ -1342,6 +1342,7 @@
+ 	int fds[2], pid = 0;
+ 	struct nbexec *s;
+ 	int shell = TRUE;
++	int fd;
+ 
+ 	if (*cmd)
+ 	{
+@@ -1411,6 +1412,8 @@
+ 			dup2 (fds[1], 2);
+ 			/* Also copy it to stdin so we can write to it */
+ 			dup2 (fds[1], 0);
++			/* Now close all open file descriptors except stdin, stdout and stderr */
++			for (fd = 3; fd < 1024; fd++) close(fd);
+ 			/* Now we call /bin/sh to run our cmd ; made it more friendly -DC1 */
+ 			if (shell)
+ 			{
diff --git a/net-irc/xchat/files/digest-xchat-2.4.1 b/net-irc/xchat/files/digest-xchat-2.4.1-r1
index c09c93cf6a1a..c09c93cf6a1a 100644
--- a/net-irc/xchat/files/digest-xchat-2.4.1
+++ b/net-irc/xchat/files/digest-xchat-2.4.1-r1