[stunnel-users] stunnel automatically listening to extra ports: BAD
bri at stunnel.org
Fri Jan 11 23:11:04 CET 2008
Nigh 2008-01-11 17:06 -0500, Alan Pinstein pleaded:
> I don't know a lot about sockets programming, but I am not sure this
> makes sense... I don't WANT stunnel to stop listening to those ports;
> rather it shouldn't ever start. stunnel has a config file, so I'd
> expect it to only listen to the ports it was told to listen to, which
> is 4449.
Can you show us the code that is starting Stunnel? Is it running as
the apache user? Is it actually being started from apache itself?
If apache (the webserver daemon) is exec'ing Stunnel, it should be
closing those sockets. If it's not, you'd still see them as LISTENable.
(Now, would stunnel accept on them? I'd think not, because it's bound
4449 and only does listen() on that socket.)
> But still I think that stunnel is actively listening on these ports.
> Forked processes just don't inherit sockets from parents AFAIK....
google for 'close on exec'
> I suppose that I could just set it up in init.d to run on boot, but
> was hoping to not have to deal with another initd process for ease of
You're better off using init.d, honestly. Else you might get more than
one stunnel trying to start up, all that logic to start or not start,
Brian Hatch
Systems and Security Engineer
"I jump from aircraft at 14000 feet saying my chute always opens - so I pee on jinxes."
Every message PGP signed
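
The close-on-exec behaviour discussed in this message, as an added example (not part of the original post, and not stunnel or Apache code): a parent opens a listening socket, then fork()s and exec()s a child, and the function reports whether the child still holds that listener. The helper `child_inherits_listener`, the mode names, and the `/bin/sh` probe are assumptions of this sketch.

```c
/* Added example: does a listening socket survive fork() + exec()? */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

enum { LEAK, CLOEXEC, SWEEP };  /* mode names are assumptions of this demo */

/* 1 = exec'ed child still holds the parent's listener, 0 = not, -1 = error */
int child_inherits_listener(int mode)
{
    struct sockaddr_in a = { .sin_family = AF_INET };  /* port 0: kernel picks */
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&a, sizeof a) || listen(fd, 1))
        return -1;
    /* Parent-side fix: flag the descriptor so exec() closes it. */
    if (mode == CLOEXEC && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0)
        return -1;

    char cmd[96];  /* shell exits 0 only if descriptor `fd` is open in it */
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; [ -e /dev/fd/%d ] || : <&%d", fd, fd);
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        /* Launcher-side fix: close everything above stderr before exec(). */
        long max = sysconf(_SC_OPEN_MAX);
        if (max < 0 || max > 4096) max = 4096;  /* bounded for the demo */
        for (long i = 3; mode == SWEEP && i < max; i++)
            close((int)i);
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int st = 0;
    waitpid(pid, &st, 0);
    close(fd);
    if (!WIFEXITED(st) || WEXITSTATUS(st) == 127) return -1;
    return WEXITSTATUS(st) == 0;
}

int main(void)
{
    printf("no flag:    inherited=%d\n", child_inherits_listener(LEAK));
    printf("FD_CLOEXEC: inherited=%d\n", child_inherits_listener(CLOEXEC));
    printf("fd sweep:   inherited=%d\n", child_inherits_listener(SWEEP));
    return 0;
}
```

The SWEEP mode is the option available to a wrapper that launches a daemon from a parent whose descriptors it cannot change.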