From 760e5e682dbaf2c4f5ed5a27119cc8a95ccce993 Mon Sep 17 00:00:00 2001
From: Sami Kerola
Date: Sat, 2 Apr 2016 21:30:15 +0100
Subject: script: close file descriptors on exec

The commands spawned from script(1) will never need access various file
descriptors the script(1) is using.

Reviewed-by: Ruediger Meier <sweet_f_a@gmx.de>
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
---
 term-utils/script.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

(limited to 'term-utils/script.c')

diff --git a/term-utils/script.c b/term-utils/script.c
index 119974230..279b9ecfe 100644
--- a/term-utils/script.c
+++ b/term-utils/script.c
@@ -419,15 +419,16 @@ static void do_io(struct script_control *ctl)
 	};
 
 
-	if ((ctl->typescriptfp = fopen(ctl->fname, ctl->append ? "a" : "w")) == NULL) {
+	if ((ctl->typescriptfp =
+	     fopen(ctl->fname, ctl->append ? "a" UL_CLOEXECSTR : "w" UL_CLOEXECSTR)) == NULL) {
 		warn(_("cannot open %s"), ctl->fname);
 		fail(ctl);
 	}
 	if (ctl->timing) {
 		if (!ctl->tname) {
-			if (!(ctl->timingfp = fopen("/dev/stderr", "w")))
+			if (!(ctl->timingfp = fopen("/dev/stderr", "w" UL_CLOEXECSTR)))
 				err(EXIT_FAILURE, _("cannot open %s"), "/dev/stderr");
-		} else if (!(ctl->timingfp = fopen(ctl->tname, "w")))
+		} else if (!(ctl->timingfp = fopen(ctl->tname, "w" UL_CLOEXECSTR)))
 			err(EXIT_FAILURE, _("cannot open %s"), ctl->tname);
 	}
 
@@ -515,7 +516,7 @@ static void getslave(struct script_control *ctl)
 {
 #ifndef HAVE_LIBUTIL
 	ctl->line[strlen("/dev/")] = 't';
-	ctl->slave = open(ctl->line, O_RDWR);
+	ctl->slave = open(ctl->line, O_RDWR | O_CLOEXEC);
 	if (ctl->slave < 0) {
 		warn(_("cannot open %s"), ctl->line);
 		fail(ctl);
@@ -625,7 +626,7 @@ static void getmaster(struct script_control *ctl)
 			break;
 		for (cp = "0123456789abcdef"; *cp; cp++) {
 			*pty = *cp;
-			ctl->master = open(ctl->line, O_RDWR);
+			ctl->master = open(ctl->line, O_RDWR | O_CLOEXEC);
 			if (ctl->master >= 0) {
 				char *tp = &ctl->line[strlen("/dev/")];
 				int ok;
@@ -765,7 +766,7 @@ int main(int argc, char **argv)
 	 * handled according to their default dispositions */
 	sigprocmask(SIG_BLOCK, &ctl.sigset, &ctl.sigorg);
 
-	if ((ctl.sigfd = signalfd(-1, &ctl.sigset, 0)) < 0)
+	if ((ctl.sigfd = signalfd(-1, &ctl.sigset, SFD_CLOEXEC)) < 0)
 		err(EXIT_FAILURE, _("cannot set signal handler"));
 
 	DBG(SIGNAL, ul_debug("signal fd=%d", ctl.sigfd));
-- 
cgit v1.2.3-55-g7522