From 5de2a9567f73d38e3492db2ae40b6c332c9aacd6 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Sun, 20 Oct 2013 00:50:26 +0000
Subject: set close-on-exec on all long-lived descriptors

This means ruby 1.9.3 should be supported, as well as Ruby
implementations which do not set the close-on-exec flag by default.

Note: this is only best-effort outside of modern Linux with threads,
since a multithreaded process may create and inadvertantly share
descriptors.  This is why Linux supports O_CLOEXEC, SOCK_CLOEXEC and
friends, as kernel support is the only way to sanely fix this.
---
 lib/yahns/config.rb        | 4 ++--
 lib/yahns/daemon.rb        | 1 +
 lib/yahns/socket_helper.rb | 1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/yahns/config.rb b/lib/yahns/config.rb
index 3f4bb90..bdd03d6 100644
--- a/lib/yahns/config.rb
+++ b/lib/yahns/config.rb
@@ -317,8 +317,8 @@ class Yahns::Config # :nodoc:
     if String === val
       # we've already bound working_directory by the time we get here
       val = File.open(File.expand_path(val), "a")
+      val.close_on_exec = val.sync = true
       val.binmode
-      val.sync = true
     else
       rt = %w(puts write flush).map(&:to_sym) # match Rack::Lint
       rt.all? { |m| val.respond_to?(m) } or raise ArgumentError,
@@ -335,7 +335,7 @@ class Yahns::Config # :nodoc:
         @set[key] = path = "/dev/null"
       end
       File.open(path, 'a') { |fp| io.reopen(fp) } if String === path
-      io.sync = true
+      io.close_on_exec = io.sync = true
     end
 
     [ :logger, :pid, :worker_processes ].each do |var|
diff --git a/lib/yahns/daemon.rb b/lib/yahns/daemon.rb
index d12ff69..df8b573 100644
--- a/lib/yahns/daemon.rb
+++ b/lib/yahns/daemon.rb
@@ -25,6 +25,7 @@ module Yahns::Daemon # :nodoc:
       # We cannot use Yahns::Sigevent (eventfd) here because we need
       # to detect EOF on unexpected death, not just read/write
       rd, wr = IO.pipe
+      rd.close_on_exec = wr.close_on_exec = true
       grandparent = $$
       if fork
         wr.close # grandparent does not write
diff --git a/lib/yahns/socket_helper.rb b/lib/yahns/socket_helper.rb
index 61f2b0f..62a6da2 100644
--- a/lib/yahns/socket_helper.rb
+++ b/lib/yahns/socket_helper.rb
@@ -5,6 +5,7 @@
 module Yahns::SocketHelper # :nodoc:
   def set_server_sockopt(sock, opt)
     opt = {backlog: 1024}.merge!(opt) if opt
+    sock.close_on_exec = true
 
     TCPSocket === sock and sock.setsockopt(:IPPROTO_TCP, :TCP_NODELAY, 1)
     sock.setsockopt(:SOL_SOCKET, :SO_KEEPALIVE, 1)
-- 
cgit v1.2.3-24-ge0c7