X-Git-Url: http://git.annexia.org/?p=miniexpect.git;a=blobdiff_plain;f=miniexpect.c;fp=miniexpect.c;h=ee2b7fa84eaeefdc5e8c5defa26a77fd46d0ab14;hp=e1a184ce10e9b0bf03aeb8a1afb0c7af816ae84e;hb=57eea3e7cc0f214200642fbeb68b6b063243558b;hpb=ef57e4a7956ef591db6578d8ca928b4287e75a3f
diff --git a/miniexpect.c b/miniexpect.c
index e1a184c..ee2b7fa 100644
--- a/miniexpect.c
+++ b/miniexpect.c
@@ -24,6 +24,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -161,7 +162,20 @@ mexp_spawnv (const char *file, char **argv)
 if (pid == 0) { /* Child. */
 struct termios terminal_settings;
- int slave_fd;
+ struct sigaction sa;
+ int i, slave_fd, max_fd;
+
+ /* Remove all signal handlers. See the justification here:
+ * https://www.redhat.com/archives/libvir-list/2008-August/msg00303.html
+ * We don't mask signal handlers yet, so this isn't completely
+ * race-free, but better than not doing it at all.
+ */
+ memset (&sa, 0, sizeof sa);
+ sa.sa_handler = SIG_DFL;
+ sa.sa_flags = 0;
+ sigemptyset (&sa.sa_mask);
+ for (i = 1; i < NSIG; ++i)
+ sigaction (i, &sa, NULL);
 setsid ();
@@ -188,6 +202,17 @@ mexp_spawnv (const char *file, char **argv)
 */
 close (fd);
+ /* Close all other file descriptors. This ensures that we don't
+ * hold open (eg) pipes from the parent process.
+ */
+ max_fd = sysconf (_SC_OPEN_MAX);
+ if (max_fd == -1)
+ max_fd = 1024;
+ if (max_fd > 65536)
+ max_fd = 65536; /* bound the amount of work we do here */
+ for (fd = 3; fd < max_fd; ++fd)
+ close (fd);
+ /* Run the subprocess. */
 execvp (file, argv);
 perror (file);
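Review bot: The child's blocked-signal mask is not touched by the new handler loop in the second hunk, and that mask is inherited across fork and preserved by `execvp`, so a parent that blocks signals (SIGTERM or SIGCHLD, say) would start the subprocess with them still blocked even though every disposition is now `SIG_DFL`. If that inheritance is not intended, `sigprocmask (SIG_SETMASK, &sa.sa_mask, NULL);` after the loop would clear it, since `sa.sa_mask` has just been emptied. The return value of `sigaction` is ignored; that is expected for SIGKILL and SIGSTOP, whose disposition cannot be changed, and a short comment such as `/* fails for SIGKILL and SIGSTOP; ignored on purpose */` would make it explicit. The body of mexp_spawnv starts and ends outside this hunk.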
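Review bot: Descriptors numbered 65536 or above stay open across `execvp` in the third hunk, because the close loop stops at the cap; a parent running with a raised descriptor limit can therefore still pass pipes or sockets to the subprocess, which is the case the new comment says is prevented. The comment should state the limit, for example `/* NB: descriptors >= 65536 are NOT closed; callers needing that must use O_CLOEXEC. */`. Separately, `sysconf` returns `long` while `max_fd` is declared `int` in the previous hunk, so a very large limit is converted before the `== -1` and `> 65536` tests run and may land on the wrong branch; declaring `long max_fd;` avoids that. The surrounding function continues outside the hunk.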