external/yambar
1
0
Fork 1
mirror of https://codeberg.org/dnkl/yambar.git synced 2025-04-20 03:35:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

module/script: open comm-pipe + /dev/null with CLOEXEC

Browse source 
This ensures we don’t leak FDs when exec:ing e.g. on-click
handlers.

Note that the comm-pipe FD is *supposed* to stay open when we execing
the script. This is handled by the call to dup2(), which drops the
CLOEXEC flag. Since dup2() is called after the fork, the dup:ed FD is
never visible in the “parent” yambar process.
This commit is contained in:
Daniel Eklöf 2022-03-29 18:22:08 +02:00
parent 2b6f5b1e36
commit 068c25d8f6
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/script.c
View file

@ -396,7 +396,7 @@ execute_script(struct module *mod)
/* Stdout redirection pipe */ /* Stdout redirection pipe */
int comm_pipe[2]; int comm_pipe[2];
if (pipe(comm_pipe) < 0) { if (pipe2(comm_pipe, O_CLOEXEC) < 0) {
LOG_ERRNO("failed to create stdin/stdout redirection pipe"); LOG_ERRNO("failed to create stdin/stdout redirection pipe");
close(exec_pipe[0]); close(exec_pipe[0]);
close(exec_pipe[1]); close(exec_pipe[1]);
@ -444,7 +444,7 @@ execute_script(struct module *mod)
close(comm_pipe[0]); close(comm_pipe[0]);
/* Re-direct stdin/stdout */ /* Re-direct stdin/stdout */
int dev_null = open("/dev/null", O_RDONLY); int dev_null = open("/dev/null", O_RDONLY | O_CLOEXEC);
if (dev_null < 0) if (dev_null < 0)
goto fail; goto fail;