more "obviously correct" code for secure opening of /dev/null

Old code is not broken, new one merely looks "more obviously correct". Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
author: Denys Vlasenko <vda.linux@googlemail.com> 2009-12-14 15:30:48 +0100
committer: Denys Vlasenko <vda.linux@googlemail.com> 2009-12-14 15:30:48 +0100
commit: 452013e2097aa985bf8c3f8296d00d189401eea3 (patch)
tree: 8e7679bd14ecf15803bae6b6ab4fd9f687ea874a /lib
parent: f1d1a096c389b076007cda87c6e7db3172ed98db (diff)
download: abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.gz
abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.xz
abrt-452013e2097aa985bf8c3f8296d00d189401eea3.zip
2 files changed, 4 insertions, 14 deletions
diff --git a/lib/Plugins/CCpp.cpp b/lib/Plugins/CCpp.cpp
index add4e50f..22566a73 100644
--- a/lib/Plugins/CCpp.cpp
+++ b/lib/Plugins/CCpp.cpp
@@ -120,12 +120,7 @@ static int ExecVP(char **pArgs, uid_t uid, string& pOutput)
         close(pipeout[0]); /* read side of the pipe */
         xmove_fd(pipeout[1], STDOUT_FILENO);
         /* Make sure stdin is safely open to nothing */
-        close(STDIN_FILENO);
-        if (open("/dev/null", O_RDONLY))
-        {
-            if (open("/", O_RDONLY))
-                abort(); /* never happens */
-        }
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /* close(STDERR_FILENO); */
 
@@ -395,8 +390,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir,
     {
         close(pipeout[0]);
         xmove_fd(pipeout[1], STDOUT_FILENO);
-        close(STDIN_FILENO);
-        xopen("/dev/null", O_RDONLY);
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /*close(STDERR_FILENO);*/
 
diff --git a/lib/Plugins/Firefox.cpp b/lib/Plugins/Firefox.cpp
index 6f2c60d6..9c102041 100644
--- a/lib/Plugins/Firefox.cpp
+++ b/lib/Plugins/Firefox.cpp
@@ -115,10 +115,7 @@ static pid_t ExecVP(char** pArgs, uid_t uid, std::string& pOutput)
         close(pipeout[0]); /* read side of the pipe */
         xmove_fd(pipeout[1], STDOUT_FILENO);
         /* Make sure stdin is safely open to nothing */
-        close(STDIN_FILENO);
-        if (open("/dev/null", O_RDONLY))
-                if (open("/", O_RDONLY))
-                        abort(); /* never happens */
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /* close(STDERR_FILENO); */
 
@@ -692,8 +689,7 @@ static void InstallDebugInfos(const char *pDebugDumpDir, std::string& build_ids)
     {
         close(pipeout[0]);
         xmove_fd(pipeout[1], STDOUT_FILENO);
-        close(STDIN_FILENO);
-        xopen("/dev/null", O_RDONLY);
+        xmove_fd(xopen("/dev/null", O_RDONLY), STDIN_FILENO);
         /* Not a good idea, we won't see any error messages */
         /*close(STDERR_FILENO);*/
author	Denys Vlasenko <vda.linux@googlemail.com>	2009-12-14 15:30:48 +0100
committer	Denys Vlasenko <vda.linux@googlemail.com>	2009-12-14 15:30:48 +0100
commit	452013e2097aa985bf8c3f8296d00d189401eea3 (patch)
tree	8e7679bd14ecf15803bae6b6ab4fd9f687ea874a /lib
parent	f1d1a096c389b076007cda87c6e7db3172ed98db (diff)
download	abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.gz abrt-452013e2097aa985bf8c3f8296d00d189401eea3.tar.xz abrt-452013e2097aa985bf8c3f8296d00d189401eea3.zip