[stunnel-users] stunnel automatically listening to extra ports: BAD

Michal Trojnara Michal.Trojnara at mobi-com.net
Sat Jan 12 16:17:24 CET 2008


Luis Rodrigo Gallardo Cruz wrote:
>  for (i = 0; i < [some-hopefully-large-enough-value]; i++)
>   close(i);

I'd recommend building (with "gcc -Wall -O2 -s -o closefds closefds.c")
the following workaround:

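/* closefds.c by Michal Trojnara 2008.01.12 */
/* This code is public domain */

#include <stdio.h>
#include <unistd.h>

int main(int argc, char *argv[]) {
    int i;

    if(argc<2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 1;
    }
    /* leave 0, 1 and 2 alone; close inherited descriptors 3..1023 */
    for(i=3; i<=1023; ++i)
        close(i);
    /* argv[0] is closefds itself; the command to run starts at argv[1] */
    execvp(argv[1], argv+1);
    perror(argv[1]); /* only reached if execvp failed */
    return 1;
}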

Replace "/bin_path/stunnel /conf_path/stunnel.conf" with
"/bin_path/closefds /bin_path/stunnel /conf_path/stunnel.conf"

Some reasoning behind the code:
1. stunnel deals fine with fd 0, 1 and 2.
2. It's very unlikely that the calling application will use file descriptors 
over 1023.

Best regards,
    Mike
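
The same wrapper idea as an added example (not part of the original post or of stunnel): instead of a fixed upper bound it closes whatever is actually open, and reports how many of the closed descriptors were listening sockets. It assumes Linux's /proc/self/fd, with a fallback sweep up to sysconf(_SC_OPEN_MAX), and assumes the extra ports come from listening sockets inherited from the calling application; close_inherited and close_one are names chosen here.

```c
/* Added example: close every inherited descriptor, then exec the command. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <unistd.h>

/* Close fd; add to *closed, and to *listeners if it was a listening socket. */
static void close_one(int fd, int *closed, int *listeners) {
    int v = 0;
    socklen_t len = sizeof v;
    int l = getsockopt(fd, SOL_SOCKET, SO_ACCEPTCONN, &v, &len) == 0 && v;
    if (close(fd) == 0) { ++*closed; *listeners += l; }
}

/* Close every open descriptor >= lowfd. Returns the number closed;
 * *listeners receives how many of those were listening sockets. */
int close_inherited(int lowfd, int *listeners) {
    int closed = 0;
    DIR *d = opendir("/proc/self/fd");      /* Linux: lists only open fds */
    *listeners = 0;
    if (d) {
        struct dirent *e;
        while ((e = readdir(d)) != NULL) {
            char *end;
            long fd = strtol(e->d_name, &end, 10);
            /* skip "." and "..", the range below lowfd, and the DIR's own fd */
            if (end != e->d_name && !*end && fd >= lowfd && fd != dirfd(d))
                close_one((int)fd, &closed, listeners);
        }
        closedir(d);
    } else {                                /* no /proc: sweep up to the limit */
        long max = sysconf(_SC_OPEN_MAX);
        for (long fd = lowfd; fd < (max > 0 ? max : 1024); ++fd)
            close_one((int)fd, &closed, listeners);
    }
    return closed;
}

int main(int argc, char *argv[]) {
    int listeners;
    if (argc < 2)
        return 2;                           /* usage: closefds command [args] */
    close_inherited(3, &listeners);
    if (listeners)
        fprintf(stderr, "%s: closed %d inherited listening socket(s)\n", argv[0], listeners);
    execvp(argv[1], argv + 1);
    perror(argv[1]);                        /* only reached if execvp failed */
    return 1;
}
```

A nonzero listener count in the wrapper's stderr output points at the calling application leaking sockets, which is better fixed there by marking them close-on-exec.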