From: Philipp Gesang <philipp.gesang@intra2net.com>
Date: Mon, 12 Feb 2018 09:48:07 +0000 (+0100)
Subject: protect pipe fd with O_CLOEXEC
X-Git-Tag: v2.10~1^2~6
X-Git-Url: http://developer.intra2net.com/git/?p=libi2ncommon;a=commitdiff_plain;h=a30f9a2227383b50d051c040df9120e7dad35325

protect pipe fd with O_CLOEXEC

On the parent, prevent other exec()s than the one in our child
from carrying over the fd. The pipe wrapper may be long lived
for this to become a problem.
---

diff --git a/src/pipestream.cpp b/src/pipestream.cpp
index 7a89be2..7816279 100644
--- a/src/pipestream.cpp
+++ b/src/pipestream.cpp
@@ -257,8 +257,8 @@ inpipebuf::init_without_shell (const char *const *argv,
     }
 
     errno = 0;
-    if (::pipe (pipefd) == -1) {
-        PIPE_CTOR_FAIL("pipe");
+    if (::pipe2 (pipefd, O_CLOEXEC) == -1) {
+        PIPE_CTOR_FAIL("pipe2");
     }
 
     sigfillset (&newmask);
@@ -275,6 +275,8 @@ inpipebuf::init_without_shell (const char *const *argv,
         case 0: {
             close (pipefd [0]);
 
+            fcntl (pipefd [1], F_SETFD, 0);
+
             if (!out) {
                 if (!redirect_devnull (STDOUT_FILENO)) {
                     fprintf(stderr, "redirect_devnull/stdout: %m\n");