Remove the loops that close all open fds before running a

subprocess. They were intended to make sure the child process didn't
inherit anything embarrassing or inconvenient from us, such as the
master end of its own pty, but now we instead do this by making sure
to set all our own fds to not-FD_CLOEXEC on creation. This should
fix Debian bug #357520.

(This doesn't seem to work _quite_ right in uxproxy.c's invocation
of a local proxy command: both ends of a GTK internal pipe end up in
the child process's fd space. This appears to be another GTK 1 bug,
inasmuch as it goes away when I build with Colin's preliminary GTK 2
patch; for the moment I think leaving that pipe lying around is
probably less harmful than hampering the proxy process's ability to
use extra fds by prior arrangement with PuTTY's parent process.)

[originally from svn r7107]

diff --git a/unix/uxproxy.c b/unix/uxproxy.c
index 209991fc8ee6387fe2a1d2fa512b4b0b05d3d390..f4e67589468f2ae1f50d0aceabb009d833b4dbf1 100644 (file)
--- a/unix/uxproxy.c
+++ b/unix/uxproxy.c
@@ -265,6 +265,8 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
        ret->error = dupprintf("pipe: %s", strerror(errno));
        return (Socket)ret;
     }
+    cloexec(to_cmd_pipe[1]);
+    cloexec(from_cmd_pipe[0]);
 
     pid = fork();
 
@@ -272,13 +274,12 @@ Socket platform_new_connection(SockAddr addr, char *hostname,
        ret->error = dupprintf("fork: %s", strerror(errno));
        return (Socket)ret;
     } else if (pid == 0) {
-       int i;
        close(0);
        close(1);
        dup2(to_cmd_pipe[0], 0);
        dup2(from_cmd_pipe[1], 1);
-       for (i = 3; i < 127; i++)
-           close(i);
+       close(to_cmd_pipe[0]);
+       close(from_cmd_pipe[1]);
        fcntl(0, F_SETFD, 0);
        fcntl(1, F_SETFD, 0);
        execl("/bin/sh", "sh", "-c", cmd, (void *)NULL);

diff --git a/unix/uxpty.c b/unix/uxpty.c
index cc01a67becb94254f1c4f839b70fdb1e1f9b1d71..f79b974f60d07ec75102949ef7b494ac27cb85e7 100644 (file)
--- a/unix/uxpty.c
+++ b/unix/uxpty.c
@@ -414,6 +414,8 @@ void pty_pre_init(void)
        perror("pterm: pipe");
        exit(1);
     }
+    cloexec(pipefd[0]);
+    cloexec(pipefd[1]);
     pid = fork();
     if (pid < 0) {
        perror("pterm: fork");
@@ -755,7 +757,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
     }
 
     if (pid == 0) {
-       int i;
        /*
         * We are the child.
         */
@@ -771,6 +772,7 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        dup2(slavefd, 0);
        dup2(slavefd, 1);
        dup2(slavefd, 2);
+       close(slavefd);
        setsid();
 #ifdef TIOCSCTTY
        ioctl(slavefd, TIOCSCTTY, 1);
@@ -780,9 +782,6 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        setpgid(pgrp, pgrp);
        close(open(pty->name, O_WRONLY, 0));
        setpgid(pgrp, pgrp);
-       /* Close everything _else_, for tidiness. */
-       for (i = 3; i < 1024; i++)
-           close(i);
        {
            char *term_env_var = dupprintf("TERM=%s", cfg->termtype);
            putenv(term_env_var);
@@ -863,9 +862,13 @@ static const char *pty_init(void *frontend, void **backend_handle, Config *cfg,
        add234(ptys_by_pid, pty);
     }
 
-    if (pty_signal_pipe[0] < 0 && pipe(pty_signal_pipe) < 0) {
-       perror("pipe");
-       exit(1);
+    if (pty_signal_pipe[0] < 0) {
+       if (pipe(pty_signal_pipe) < 0) {
+           perror("pipe");
+           exit(1);
+       }
+       cloexec(pty_signal_pipe[0]);
+       cloexec(pty_signal_pipe[1]);
     }
     pty_uxsel_setup(pty);