Remove the loops that close all open fds before running a

subprocess. They were intended to make sure the child process didn't
inherit anything embarrassing or inconvenient from us, such as the
master end of its own pty, but now we instead do this by making sure
to set all our own fds to not-FD_CLOEXEC on creation. This should
fix Debian bug #357520.

(This doesn't seem to work _quite_ right in uxproxy.c's invocation
of a local proxy command: both ends of a GTK internal pipe end up in
the child process's fd space. This appears to be another GTK 1 bug,
inasmuch as it goes away when I build with Colin's preliminary GTK 2
patch; for the moment I think leaving that pipe lying around is
probably less harmful than hampering the proxy process's ability to
use extra fds by prior arrangement with PuTTY's parent process.)

git-svn-id: svn://svn.tartarus.org/sgt/putty@7107 cda61777-01e9-0310-a592-d414129be87e

diff --git a/unix/uxproxy.c b/unix/uxproxy.c
index 209991f..f4e6758 100644 (file)
--- a/unix/uxproxy.c
+++ b/unix/uxproxy.c
@@ -265,6 +265,8 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
        ret->error = dupprintf("pipe: %s", strerror(errno));
        return (Socket)ret;
     }
+    cloexec(to_cmd_pipe[1]);
+    cloexec(from_cmd_pipe[0]);
 
     pid = fork();
 
@@ -272,13 +274,12 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
        ret->error = dupprintf("fork: %s", strerror(errno));
        return (Socket)ret;
     } else if (pid == 0) {
-       int i;
        close(0);
        close(1);
        dup2(to_cmd_pipe[0], 0);
        dup2(from_cmd_pipe[1], 1);
-       for (i = 3; i < 127; i++)
-           close(i);
+       close(to_cmd_pipe[0]);
+       close(from_cmd_pipe[1]);
        fcntl(0, F_SETFD, 0);
        fcntl(1, F_SETFD, 0);
        execl("/bin/sh", "sh", "-c", cmd, (void *)NULL);

diff --git a/unix/uxpty.c b/unix/uxpty.c
index cc01a67..f79b974 100644 (file)
--- a/unix/uxpty.c
+++ b/unix/uxpty.c
@@ -414,6 +414,8 @@ void pty_pre_init(void)
        perror("pterm: pipe");
        exit(1);
     }
+    cloexec(pipefd[0]);
+    cloexec(pipefd[1]);
     pid = fork();
     if (pid < 0) {
        perror("pterm: fork");
@@ -755,7 +757,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
     }
 
     if (pid == 0) {
-       int i;
        /*
         * We are the child.
         */
@@ -771,6 +772,7 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        dup2(slavefd, 0);
        dup2(slavefd, 1);
        dup2(slavefd, 2);
+       close(slavefd);
        setsid();
 #ifdef TIOCSCTTY
        ioctl(slavefd, TIOCSCTTY, 1);
@@ -780,9 +782,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        setpgid(pgrp, pgrp);
        close(open(pty->name, O_WRONLY, 0));
        setpgid(pgrp, pgrp);
-       /* Close everything _else_, for tidiness. */
-       for (i = 3; i < 1024; i++)
-           close(i);
        {
            char *term_env_var = dupprintf("TERM=%s", cfg->termtype);
            putenv(term_env_var);
@@ -863,9 +862,13 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        add234(ptys_by_pid, pty);
     }
 
-    if (pty_signal_pipe[0] < 0 && pipe(pty_signal_pipe) < 0) {
-       perror("pipe");
-       exit(1);
+    if (pty_signal_pipe[0] < 0) {
+       if (pipe(pty_signal_pipe) < 0) {
+           perror("pipe");
+           exit(1);
+       }
+       cloexec(pty_signal_pipe[0]);
+       cloexec(pty_signal_pipe[1]);
     }
     pty_uxsel_setup(pty);