spawn: close all file descriptors before execve

No need to give whatever we're calling access to what we use
moneromooo-monero 2018-10-16 18:08:36 +00:00
parent ccc7e3afae
commit e4ce26c79f
No known key found for this signature in database
GPG key ID: 686F07454D6CEFC3
3 changed files with 25 additions and 0 deletions


@ -38,6 +38,7 @@
#endif #endif
#include "misc_log_ex.h" #include "misc_log_ex.h"
#include "util.h"
#include "spawn.h" #include "spawn.h"
namespace tools namespace tools
@ -101,6 +102,8 @@ int spawn(const char *filename, const std::vector<std::string>& args, bool wait)
// child // child
if (pid == 0) if (pid == 0)
{ {
tools::closefrom(3);
close(0);
char *envp[] = {NULL}; char *envp[] = {NULL};
execve(filename, argv, envp); execve(filename, argv, envp);
MERROR("Failed to execve: " << strerror(errno)); MERROR("Failed to execve: " << strerror(errno));
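Review bot: `close(0)` leaves descriptor 0 unallocated in the child, so the first `open()` or `socket()` made by the executed program is handed fd 0, and anything that later reads standard input reads that object instead. Keeping the slot occupied avoids this: follow `close(0);` with `if (open("/dev/null", O_RDONLY) != 0) _exit(1);`, which needs `<fcntl.h>` (not among the includes visible here). Descriptors 1 and 2 survive `tools::closefrom(3)`, presumably on purpose so the child can still report errors. The body of `spawn` begins and continues outside this hunk.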


@ -28,6 +28,7 @@
// //
// Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers // Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers
#include <unistd.h>
#include <cstdio> #include <cstdio>
#ifdef __GLIBC__ #ifdef __GLIBC__
@ -967,4 +968,23 @@ std::string get_nix_version_display_string()
} }
#endif #endif
void closefrom(int fd)
{
#if defined __FreeBSD__ || defined __OpenBSD__ || defined __NetBSD__ || defined __DragonFly__
::closefrom(fd);
#else
#if defined __GLIBC__
const int sc_open_max = sysconf(_SC_OPEN_MAX);
const int MAX_FDS = std::min(65536, sc_open_max);
#else
const int MAX_FDS = 65536;
#endif
while (fd < MAX_FDS)
{
close(fd);
++fd;
}
#endif
}
} }
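Review bot: In the glibc branch, `sysconf(_SC_OPEN_MAX)` returns a `long` and yields -1 when the limit is indeterminate or the call fails; `std::min(65536, sc_open_max)` then makes `MAX_FDS` negative and the loop closes nothing, so every descriptor is silently inherited across `execve`. Guard the result, e.g. `const long sc_open_max = sysconf(_SC_OPEN_MAX);` followed by `const int MAX_FDS = sc_open_max > 0 ? (int)std::min<long>(65536, sc_open_max) : 65536;`. The 65536 cap also leaves any descriptor numbered above it open when the process limit is higher, so opening sensitive descriptors with close-on-exec set remains the reliable complement to this sweep. `std::min` needs `<algorithm>`, which is not among the includes visible in this section.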


@ -238,4 +238,6 @@ namespace tools
#ifdef _WIN32 #ifdef _WIN32
std::string input_line_win(); std::string input_line_win();
#endif #endif
void closefrom(int fd);
} }
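Review bot: The new `closefrom` declaration carries no comment, and its contract is not obvious on platforms that lack a native `closefrom`. Suggest adding `// Close every file descriptor >= fd (best effort; the non-BSD fallback stops at 65536).` above it. The declaration sits after the `#endif` of the `_WIN32` block, so it is visible on Windows as well; whether the definition builds there should be confirmed.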