aboutsummaryrefslogtreecommitdiff
path: root/shell.c
diff options
context:
space:
mode:
authorPaolo Bonzini <bonzini@gnu.org>2008-08-27 17:20:35 +0200
committerJunio C Hamano <gitster@pobox.com>2008-08-29 00:14:29 -0700
commit0cfeed2e1d320cc76c434e0bfc26d90065754e46 (patch)
tree6d97516c7eff97cc960288e0930552d75ad54394 /shell.c
parent29f28151c5ac0ed842e9a00438f1930ee4052757 (diff)
downloadgit-0cfeed2e1d320cc76c434e0bfc26d90065754e46.tar.gz
git-0cfeed2e1d320cc76c434e0bfc26d90065754e46.tar.xz
make git-shell paranoid about closed stdin/stdout/stderr
It is in general unsafe to start a program with one or more of file descriptors 0/1/2 closed. Karl Chen for example noticed that stat_command does this in order to rename a pipe file descriptor to 0: dup2(from, 0); close(from); ... but if stdin was closed (for example) from == 0, so that dup2(0, 0); close(0); just ends up closing the pipe. Another extremely rare but nasty problem would occur if an "important" file ends up in file descriptor 2, and is corrupted by a call to die(). Fixing this in git was considered to be overkill, so this patch works around it only for git-shell. The fix is simply to open all the "low" descriptors to /dev/null in main. Signed-off-by: Paolo Bonzini <bonzini@gnu.org> Acked-by: Stephen R. van den Berg <srb@cuci.nl> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'shell.c')
-rw-r--r--shell.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/shell.c b/shell.c
index 6a48de05f..ad60200d2 100644
--- a/shell.c
+++ b/shell.c
@@ -56,6 +56,19 @@ int main(int argc, char **argv)
{
char *prog;
struct commands *cmd;
+ int devnull_fd;
+
+ /*
+ * Always open file descriptors 0/1/2 to avoid clobbering files
+ * in die(). It also avoids not messing up when the pipes are
+ * dup'ed onto stdin/stdout/stderr in the child processes we spawn.
+ */
+ devnull_fd = open("/dev/null", O_RDWR);
+ while (devnull_fd >= 0 && devnull_fd <= 2)
+ devnull_fd = dup(devnull_fd);
+ if (devnull_fd == -1)
+ die("opening /dev/null failed (%s)", strerror(errno));
+ close (devnull_fd);
/*
* Special hack to pretend to be a CVS server