[stunnel-users] stunnel automatically listening to extra ports: BAD
Michal Trojnara
Michal.Trojnara at mobi-com.net
Sat Jan 12 16:17:24 CET 2008
Luis Rodrigo Gallardo Cruz wrote:
> for (i = 0; i < [some-hopefully-large-enough-value]; i++)
>     close(i);
I'd recommend building (with "gcc -Wall -O2 -s -o closefds closefds.c")
the following workaround:
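/* closefds.c by Michal Trojnara 2008.01.12 */
/* This code is public domain */
#include <stdio.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int i;

    if(argc<2) { /* nothing to execute */
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 1;
    }
    for(i=3; i<=1023; ++i) /* keep fd 0, 1 and 2, close the rest up to 1023 */
        close(i);
    execvp(argv[1], argv+1); /* argv[1] is the program to run, argv+1 its arguments */
    perror(argv[1]); /* only reached if execvp() failed */
    return 1;
}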
Replace "/bin_path/stunnel /conf_path/stunnel.conf" with
"/bin_path/closefds /bin_path/stunnel /conf_path/stunnel.conf"
Some reasoning behind the code:
1. stunnel deals fine with fd 0, 1 and 2.
2. It's very unlikely that the calling application will use file descriptors
over 1023.
Best regards,
Mike
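
An added example, not part of the original message or of stunnel: the same wrapper idea, closing whatever descriptors are actually open instead of stopping at a fixed number. It assumes /dev/fd lists the process's descriptors (true on Linux, the BSDs and macOS) and otherwise falls back to a loop bounded by RLIMIT_NOFILE; the names close_fds_from and fd_is_open are chosen here.

```c
/* Added example, not from the original post: closefds without a fixed bound. */
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* 1 if fd is an open descriptor in this process, 0 otherwise. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Close every descriptor numbered lowfd or above; return how many were closed. */
int close_fds_from(int lowfd) {
    int closed = 0;
    long fd, max = 1024;                 /* assumed bound if no limit is known */
    struct rlimit rl;
    struct dirent *e;
    DIR *d = opendir("/dev/fd");         /* assumption: /dev/fd lists our fds */
    if (d != NULL) {
        int self = dirfd(d);             /* released by closedir() below */
        while ((e = readdir(d)) != NULL) {
            char *end;
            fd = strtol(e->d_name, &end, 10);
            if (end == e->d_name || *end != '\0')
                continue;                /* "." and ".." */
            if (fd >= lowfd && fd != self && close((int)fd) == 0)
                closed++;
        }
        closedir(d);
        return closed;
    }
    /* No /dev/fd: try every number below the soft RLIMIT_NOFILE. */
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        max = (long)rl.rlim_cur;
    for (fd = lowfd; fd < max; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

int main(int argc, char *argv[]) {
    if (argc < 2) return 2;              /* usage: closefds command [args...] */
    close_fds_from(3);                   /* stdin, stdout and stderr survive */
    execvp(argv[1], argv + 1);
    perror(argv[1]);                     /* reached only if exec failed */
    return 127;
}
```

Where the platform provides closefrom() or close_range(), those calls do the same job in one step.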