[Bug #1222790] Set reuse-address and close-on-exec flags on the HTTP listening socket

Lib/SimpleXMLRPCServer.py

@@ -104,7 +104,7 @@ from xmlrpclib import Fault
 import SocketServer
 import BaseHTTPServer
 import sys
-import os
+import os, fcntl
 
 def resolve_dotted_attribute(obj, attr, allow_dotted_names=True):
     """resolve_dotted_attribute(a, 'b.c.d') => a.b.c.d
@@ -465,6 +465,8 @@ class SimpleXMLRPCServer(SocketServer.TCPServer,
     from SimpleXMLRPCDispatcher to change this behavior.
     """
 
+    allow_reuse_address = True
+
     def __init__(self, addr, requestHandler=SimpleXMLRPCRequestHandler,
                  logRequests=1):
         self.logRequests = logRequests
@@ -472,6 +474,14 @@ class SimpleXMLRPCServer(SocketServer.TCPServer,
         SimpleXMLRPCDispatcher.__init__(self)
         SocketServer.TCPServer.__init__(self, addr, requestHandler)
 
+        # [Bug #1222790] If possible, set close-on-exec flag; if a 
+        # method spawns a subprocess, the subprocess shouldn't have 
+        # the listening socket open.
+        if hasattr(fcntl, 'FD_CLOEXEC'):
+            flags = fcntl.fcntl(self.fileno(), fcntl.F_GETFD)
+            flags |= fcntl.FD_CLOEXEC
+            fcntl.fcntl(self.fileno(), fcntl.F_SETFD, flags)
+
 class CGIXMLRPCRequestHandler(SimpleXMLRPCDispatcher):
     """Simple handler for XML-RPC data passed through CGI."""
 

Misc/NEWS

@@ -448,6 +448,9 @@ Library
   disables recursive traversal through instance attributes, which can
   be exploited in various ways.
 
+- Bug #1222790: in SimpleXMLRPCServer, set the reuse-address and close-on-exec 
+  flags on the HTTP listening socket.
+
 - Bug #1110478: Revert os.environ.update to do putenv again.
 
 - Bug #1103844: fix distutils.install.dump_dirs() with negated options.