* NEWS, lib/nscd.c: Execute nscd -i instead of using the private

glibc socket to flush the nscd tables. This comes from the RedHat patch shadow-4.0.16-nscd.c. * lib/commonio.c: Forbid inheritance of the passwd and group files to the spawed processes (like nscd). This comes from the RedHat patch shadow-4.0.17-notInheritFd.patch. * lib/nscd.h: Update header.
2007-11-17 14:04:05 +00:00
parent 6c2e7c124f
commit 4aafb131ca
5 changed files with 55 additions and 93 deletions
--- a/lib/commonio.c
+++ b/lib/commonio.c
@@ -460,6 +460,10 @@ int commonio_open (struct commonio_db *db, int mode)
 		}
 		return 0;
 	}
+
+	/* Do not inherit fd in spawned processes (e.g. nscd) */
+	fcntl(fileno(db->fp), F_SETFD, FD_CLOEXEC);
+
 #ifdef WITH_SELINUX
 	db->scontext = NULL;
 	if ((is_selinux_enabled () > 0) && (!db->readonly)) {