protect pipe fd with O_CLOEXEC

On the parent, prevent other exec()s than the one in our child
from carrying over the fd. The pipe wrapper may be long lived
for this to become a problem.

diff --git a/src/pipestream.cpp b/src/pipestream.cpp
index 7a89be2..7816279 100644 (file)
--- a/src/pipestream.cpp
+++ b/src/pipestream.cpp
@@ -257,8 +257,8 @@ inpipebuf::init_without_shell (const char *const *argv,
     }
 
     errno = 0;
-    if (::pipe (pipefd) == -1) {
-        PIPE_CTOR_FAIL("pipe");
+    if (::pipe2 (pipefd, O_CLOEXEC) == -1) {
+        PIPE_CTOR_FAIL("pipe2");
     }
 
     sigfillset (&newmask);
@@ -275,6 +275,8 @@ inpipebuf::init_without_shell (const char *const *argv,
         case 0: {
             close (pipefd [0]);
 
+            fcntl (pipefd [1], F_SETFD, 0);
+
             if (!out) {
                 if (!redirect_devnull (STDOUT_FILENO)) {
                     fprintf(stderr, "redirect_devnull/stdout: %m\n");