| -rw-r--r-- | Changelog | 2 | ||||
| -rwxr-xr-x | lacme | 2 | 
2 files changed, 4 insertions, 0 deletions
| @@ -2,6 +2,8 @@ lacme (0.3) upstream;    - When parsing config-cert files and directories (default "lacme-certs.conf      lacme-certs.conf.d"), import the default section of files read earlier. +  - Ensure lacme's config file descriptor is not passed to the accountd +    or webserver components.   -- Guilhem Moulin <guilhem@guilhem.org>  Sun, 19 Feb 2017 13:08:41 +0100 @@ -68,6 +68,7 @@ $COMMAND = $COMMAND =~ /\A(new-reg|reg=\p{Print}*|new-cert|revoke-cert)\z/ ? $1           : usage(1, "Invalid command: $COMMAND"); # validate and untaint $COMMAND  @ARGV = map { /\A(\p{Print}*)\z/ ? $1 : die } @ARGV; # untaint @ARGV +sub set_FD_CLOEXEC($$);  my $CONFFILENAME = $OPTS{config} // first { -f $_ }     ( "./$NAME.conf"     , ($ENV{XDG_CONFIG_HOME} // "$ENV{HOME}/.config")."/lacme/$NAME.conf" @@ -79,6 +80,7 @@ do {      open $CONFFILE, '<', $CONFFILENAME or die "Can't open $CONFFILENAME: $!\n";      my $conf = do { local $/ = undef; <$CONFFILE> };      # don't close $CONFFILE so we can pass it to the client +    set_FD_CLOEXEC($CONFFILE, 1);      my $h = Config::Tiny::->read_string($conf) or die Config::Tiny::->errstr()."\n";      my $defaults = delete $h->{_} // {}; | 
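Review bot: The forward declaration `sub set_FD_CLOEXEC($$);` in the second hunk carries no comment saying why it is there, so a later cleanup could delete it as dead code. The definition is not in this diff, and the new call in the config-loading block presumably runs before that definition is compiled. A one-line comment such as `# predeclared: called below, before its definition` would record that. Note also that the `($$)` prototype only affects how the call is parsed; it does not check that the first argument is an open filehandle.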
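Review bot: The retained comment `# don't close $CONFFILE so we can pass it to the client` now sits directly above `set_FD_CLOEXEC($CONFFILE, 1);` in the third hunk, which reads as a contradiction. The intent appears to be deny-by-default inheritance, where every exec'd child loses the descriptor unless the flag is cleared again for the client. That clearing is not in this diff, so confirm that the client spawn path resets the flag only in the forked child; otherwise the client loses the config, or accountd and the webserver can still inherit it. I would reword the comment to `# keep $CONFFILE open for the client only; close-on-exec by default so accountd and the webserver never inherit it`. The body of set_FD_CLOEXEC is outside the hunks, so whether a failed fcntl is fatal cannot be judged here, and the enclosing `do {` block continues past the hunk.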
