From: Simon Ruderich <simon@ruderich.org>
Date: Sun, 18 May 2014 20:25:30 +0000 (+0200)
Subject: set O_CLOEXEC on TTY slave/master file descriptors
X-Git-Url: https://ruderich.org/simon/gitweb/?p=wall-notify%2Fwall-notify.git;a=commitdiff_plain;h=d28191ac3e71802b939721c1f7b8b4fe509bde53

set O_CLOEXEC on TTY slave/master file descriptors

Don't leak them to the notification process.
---

diff --git a/src/wall-notify.c b/src/wall-notify.c
index e7106be..57ec37f 100644
--- a/src/wall-notify.c
+++ b/src/wall-notify.c
@@ -67,6 +67,17 @@ static void setup_signals(void) {
     sigaction(SIGUSR2, &action, NULL);
 }
 
+static int set_cloexec(int fd) {
+    int flags = fcntl(fd, F_GETFD);
+    if (flags == -1) {
+        return 0;
+    }
+    if (fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
+        return 0;
+    }
+    return 1;
+}
+
 static int open_tty(int public) {
     int ptm;
     const char *name;
@@ -78,6 +89,9 @@ static int open_tty(int public) {
     if (grantpt(ptm) != 0) {
         return -1;
     }
+    if (!set_cloexec(ptm)) {
+        return -1;
+    }
 
     /* Prevent write access for other users so they can't use wall to send
      * messages to this program. */
@@ -442,7 +456,7 @@ int main(int argc, char **argv) {
 
     /* We need to open the slave or reading from the master yields EOF after
      * the first wall write to it. */
-    pts = open(name, O_RDWR);
+    pts = open(name, O_RDWR | O_CLOEXEC);
     if (pts < 0) {
         perror(name);
         exit(EXIT_FAILURE);