sigaction(SIGUSR2, &action, NULL);
}
+static int set_cloexec(int fd) {
+ int flags = fcntl(fd, F_GETFD);
+ if (flags == -1) {
+ return 0;
+ }
+ if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
+ return 0;
+ }
+ return 1;
+}
+
static int open_tty(int public) {
int ptm;
const char *name;
if (grantpt(ptm) != 0) {
return -1;
}
+ if (!set_cloexec(ptm)) {
+ return -1;
+ }
/* Prevent write access for other users so they can't use wall to send
* messages to this program. */
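Review bot: The new failure branch `if (!set_cloexec(ptm)) return -1;` returns with ptm still open and without reporting errno, so a failed fcntl() looks the same to the caller as the grantpt() failure just above it. If open_tty's caller does not exit on -1 (not visible here), the master descriptor stays open without FD_CLOEXEC, which is the state this change is meant to rule out; I would write `perror("fcntl"); close(ptm); return -1;`. set_cloexec returns 1/0 while open_tty signals errors with -1, so a comment on the helper such as `/* Returns 1 on success, 0 on failure. */` would guard against a later `< 0` test that never fires. open_tty starts and ends outside this hunk.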
gid = getgid();
/* Drop all privileges. */
- if (setresuid(uid, uid, uid) != 0) {
- perror("setresuid");
- exit(EXIT_FAILURE);
- }
if (setresgid(gid, gid, gid) != 0) {
perror("setresgid");
exit(EXIT_FAILURE);
}
+ if (setresuid(uid, uid, uid) != 0) {
+ perror("setresuid");
+ exit(EXIT_FAILURE);
+ }
/* Verify all privileges were dropped. */
if (getresuid(&ruid, &euid, &suid) != 0) {
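Review bot: The reordering carries no comment saying why the group is dropped first, so a later cleanup could swap the two calls back without anyone noticing. I would put `/* Drop the group IDs first: after setresuid() the process may no longer be allowed to change them (CERT POS36-C). */` above the setresgid call. The verification that follows visibly checks only getresuid; if no matching getresgid check exists below the hunk, add one such as `if (getresgid(&rgid, &egid, &sgid) != 0 || rgid != gid || egid != gid || sgid != gid)` (variable names assumed) so the group drop is verified as well. The enclosing function starts and ends outside the hunk.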
/* We need to open the slave or reading from the master yields EOF after
* the first wall write to it. */
- pts = open(name, O_RDWR);
+ pts = open(name, O_RDWR | O_CLOEXEC);
if (pts < 0) {
perror(name);
exit(EXIT_FAILURE);
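Review bot: `open(name, O_RDWR | O_CLOEXEC)` still omits O_NOCTTY, so if this process is a session leader with no controlling terminal (for example when started detached), opening the slave can make that pty its controlling terminal. Unless that is intended, I would write `pts = open(name, O_RDWR | O_NOCTTY | O_CLOEXEC);`. The existing comment explains why the slave is opened; extending it with `The descriptor is close-on-exec so it is not inherited across exec.` would document the new flag. The `if (pts < 0)` block continues outside the hunk.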