pauljako/yambar
1
0
Fork 0
forked from external/yambar
Code Pull requests Activity

module/script: open comm-pipe + /dev/null with CLOEXEC

Browse source 
This ensures we don’t leak FDs when exec:ing e.g. on-click
handlers.

Note that the comm-pipe FD is *supposed* to stay open when we execing
the script. This is handled by the call to dup2(), which drops the
CLOEXEC flag. Since dup2() is called after the fork, the dup:ed FD is
never visible in the “parent” yambar process.
This commit is contained in:
Daniel Eklöf 2022-03-29 18:22:08 +02:00
parent 2b6f5b1e36
commit 068c25d8f6
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
modules/script.c
View file

@ -396,7 +396,7 @@ execute_script(struct module *mod)
/* Stdout redirection pipe */
int comm_pipe[2];
if (pipe(comm_pipe) < 0) {
if (pipe2(comm_pipe, O_CLOEXEC) < 0) {
LOG_ERRNO("failed to create stdin/stdout redirection pipe");
close(exec_pipe[0]);
close(exec_pipe[1]);
@ -444,7 +444,7 @@ execute_script(struct module *mod)
close(comm_pipe[0]);
/* Re-direct stdin/stdout */
int dev_null = open("/dev/null", O_RDONLY);
int dev_null = open("/dev/null", O_RDONLY | O_CLOEXEC);
if (dev_null < 0)
goto fail;