UDP sockets do not have the close on exec flag
| Reported by: | NickHibma | Owned by: | |
| Severity: | Not set (if unsure, select this one) | Keywords: | |
UDP sockets do not have the close on exec flag set (Dunno about TCP sockets). The flag is set, but too late.
I execute ntpdate in the route-up script and it inherits the 1194 UDP port from openvpn. This is a major problem, as I first do ntpdate, then start the ntpd daemon (which also inherits port 1194), and openvpn fails to start afterwards.
Adding route-delay 1 to the config resolves the issue by delaying the route-up script until after do_init_socket_2() which sets the close-on-exec flag.
I think the close on exec flag should be set on all sockets right after the call to socket() or accept(), not much later.
Example where it goes wrong:
# /usr/local/etc/rc.d/openvpn start
Starting openvpn.
# sockstat | grep 94
root ntpdate 8019 5 udp4 *:1194 *:*
root openvpn 8010 5 udp4 *:1194 *:*
root sh 8009 5 udp4 *:1194 *:*
...
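The ordering problem described in the report, as an added example that is not part of the ticket and not OpenVPN code: a socket created with plain socket() is inheritable until the flag is applied, while one created with SOCK_CLOEXEC never is. All function names and the 4096 scan bound are assumptions made for the illustration.

```c
/* Added example, not OpenVPN source; function names are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if fd is open and would stay open in a program started via exec(). */
static int fd_is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags != -1 && !(flags & FD_CLOEXEC);
}

/* Count fds a hook script would inherit now; the 4096 bound is an assumption. */
int count_inheritable_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 4096; fd++)
        n += fd_is_inheritable(fd);
    return n;
}

/* Pattern from the report: plain socket(), flag applied at some later point. */
int udp_socket_late_flag(void)
{
    return socket(AF_INET, SOCK_DGRAM, 0);
}

/* Close-on-exec from the moment the descriptor exists. */
int udp_socket_cloexec(void)
{
#ifdef SOCK_CLOEXEC
    return socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0); /* atomic */
#else
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd >= 0)
        fcntl(fd, F_SETFD, FD_CLOEXEC); /* right away; not atomic with threads */
    return fd;
#endif
}

int main(void)
{
    int base = count_inheritable_fds();
    int late = udp_socket_late_flag(), safe = udp_socket_cloexec();
    printf("inheritable beyond baseline: %d\n", count_inheritable_fds() - base);
    close(late); close(safe);
    return 0;
}
```

Calling count_inheritable_fds() just before running a hook script gives a quick check for descriptors that would leak into it.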