commit 8503a1431ddd372d6af0d834529625a6e06b45b8
from: Omar Polo <op@omarpolo.com>
date: Sun Jan 31 11:07:12 2021 UTC

set cloexec status on the socketpair fds

the executor forks to spawn the cgi scripts, and they inherit the
socket for communication with the listener process.  Make that
impossible.

commit - 91d7870bb7115904edf6bf029698c5af437dd516
commit + 8503a1431ddd372d6af0d834529625a6e06b45b8
blob - 9ba28e70f58e61961d872fca5169f55a41ce8638
blob + d3ff036f395941aa34c2ac06ea29b110c5e34b34
--- gmid.c
+++ gmid.c
@@ -582,7 +582,8 @@ main(int argc, char **argv)
 			fatal("daemon: %s", strerror(errno));
 	}
 
-	if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, p) == -1)
+	if (socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC,
+	    PF_UNSPEC, p) == -1)
 		fatal("socketpair: %s", strerror(errno));
 
 	switch (fork()) {