From d0360f2de18d1a6597772f74acd2fd4dc2a6715e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= <daniel@ekloef.se>
Date: Mon, 2 Nov 2020 19:03:33 +0100
Subject: [PATCH] particle: reset signals and signal mask when executing an
 on-click handler

---
 particle.c | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)

diff --git a/particle.c b/particle.c
index be98e0e..ffe330f 100644
--- a/particle.c
+++ b/particle.c
@@ -219,14 +219,25 @@ exposable_default_on_mouse(struct exposable *exposable, struct bar *bar,
 
                 LOG_DBG("executing on-click handler: %s", cmd);
 
+                sigset_t mask;
+                sigemptyset(&mask);
+
+                const struct sigaction sa = {.sa_handler = SIG_DFL};
+                if (sigaction(SIGINT, &sa, NULL) < 0 ||
+                    sigaction(SIGTERM, &sa, NULL) < 0 ||
+                    sigaction(SIGCHLD, &sa, NULL) < 0 ||
+                    sigprocmask(SIG_SETMASK, &mask, NULL) < 0)
+                {
+                    goto fail;
+                }
+
                 /* Redirect stdin/stdout/stderr to /dev/null */
                 int dev_null_r = open("/dev/null", O_RDONLY | O_CLOEXEC);
                 int dev_null_w = open("/dev/null", O_WRONLY | O_CLOEXEC);
 
                 if (dev_null_r == -1 || dev_null_w == -1) {
                     LOG_ERRNO("/dev/null: failed to open");
-                    (void)!write(pipe_fds[1], &errno, sizeof(errno));
-                    _exit(1);
+                    goto fail;
                 }
 
                 if (dup2(dev_null_r, STDIN_FILENO) == -1 ||
@@ -234,15 +245,20 @@ exposable_default_on_mouse(struct exposable *exposable, struct bar *bar,
                     dup2(dev_null_w, STDERR_FILENO) == -1)
                 {
                     LOG_ERRNO("failed to redirect stdin/stdout/stderr");
-                    (void)!write(pipe_fds[1], &errno, sizeof(errno));
-                    _exit(1);
+                    goto fail;
                 }
 
+                /* Close *all* other FDs (e.g. script modules' FDs) */
+                for (int i = STDERR_FILENO + 1; i < 65536; i++)
+                    close(i);
+
                 execvp(argv[0], argv);
 
+            fail:
                 /* Signal failure to parent process */
                 (void)!write(pipe_fds[1], &errno, sizeof(errno));
-                _exit(1);
+                close(pipe_fds[1]);
+                _exit(errno);
                 break;
 
             default: