From 452013e2097aa985bf8c3f8296d00d189401eea3 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 14 Dec 2009 15:30:48 +0100
Subject: more "obviously correct" code for secure opening of /dev/null

Old code is not broken, new one merely looks "more obviously correct".

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 lib/Plugins/CCpp.cpp | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

(limited to 'lib/Plugins/CCpp.cpp')

diff --git a/lib/Plugins/CCpp.cpp b/lib/Plugins/CCpp.cpp
index add4e50..22566a7 100644
--- a/lib/Plugins/CCpp.cpp
+++ b/lib/Plugins/CCpp.cpp
@@ -120,12 +120,7 @@ static int ExecVP(char **pArgs, uid_t uid, string& pOutput)
         close(pipeout[0]); /* read side of the pipe */
         xmove_fd(pipeout[1], STDOUT_FILENO);
         /* Make sure stdin is safely open to nothing */
-        close(STDIN_FILENO);
-        if (open("/dev/null", O_RDONLY))
-        {
-            if (open("/", O_RDONLY))
-                abort(); /* never happens */
-        }
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /* close(STDERR_FILENO); */
 
@@ -395,8 +390,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir,
     {
         close(pipeout[0]);
         xmove_fd(pipeout[1], STDOUT_FILENO);
-        close(STDIN_FILENO);
-        xopen("/dev/null", O_RDONLY);
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /*close(STDERR_FILENO);*/
 
-- 
cgit