From ac01d8c83b6a3e0d9d0883d9df17f45e208ac101 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Wed, 1 Apr 2009 20:13:21 -0700
Subject: FD_CLOEXEC all non-listen descriptors before exec

We'll allow before_exec to override that setting, however.

There are cases where someone setting
Logger.new("/path/to/file") will create new file descriptors in
the master process.  This will prevent FD leakage
and a test case (for Linux only) proves it.
---
 lib/unicorn.rb | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/unicorn.rb b/lib/unicorn.rb
index 00012f7..c1d68c1 100644
--- a/lib/unicorn.rb
+++ b/lib/unicorn.rb
@@ -326,15 +326,24 @@ module Unicorn
       end
 
       @reexec_pid = fork do
-        @rd_sig.close if @rd_sig
-        @wr_sig.close if @wr_sig
-        @workers.values.each { |other| other.tempfile.close rescue nil }
-
         ENV.replace(@start_ctx[:environ])
-        ENV['UNICORN_FD'] = @listeners.map { |sock| sock.fileno }.join(',')
+        listener_fds = @listeners.map { |sock| sock.fileno }
+        ENV['UNICORN_FD'] = listener_fds.join(',')
         File.umask(@start_ctx[:umask])
         Dir.chdir(@start_ctx[:cwd])
         cmd = [ @start_ctx[:zero] ] + @start_ctx[:argv]
+
+        # avoid leaking FDs we don't know about, but let before_exec
+        # unset FD_CLOEXEC, if anything else in the app eventually
+        # relies on FD inheritence.
+        purgatory = [] # prevent GC of IO objects
+        (3..1024).each do |io|
+          next if listener_fds.include?(io)
+          io = IO.for_fd(io) rescue nil
+          io or next
+          purgatory << io
+          io.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+        end
         logger.info "executing #{cmd.inspect} (in #{Dir.pwd})"
         @before_exec.call(self) if @before_exec
         exec(*cmd)
-- 
cgit v1.2.3-24-ge0c7