From 7a6713fdc5bbfbd605eb755f2590ac9861debe69 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Sat, 15 Feb 2025 11:40:53 +0000
Subject: [PATCH] pty: Connect stdin to /dev/null when not connected

We don't want to run an interactive console and nothing should think
that we are.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 src/pakfire/jail.c |  2 +-
 src/pakfire/pty.c  | 45 ++++++++++++++++++++++++++++++++++++++++-----
 2 files changed, 41 insertions(+), 6 deletions(-)

diff --git a/src/pakfire/jail.c b/src/pakfire/jail.c
index 0d7e1d42..3132e40a 100644
--- a/src/pakfire/jail.c
+++ b/src/pakfire/jail.c
@@ -1290,7 +1290,7 @@ static int pakfire_jail_child(struct pakfire_jail* jail, struct pakfire_jail_exe
 
 	// Open a new PTY
 	r = pakfire_pty_open(ctx->pty);
-	if (r) {
+	if (r < 0) {
 		ERROR(jail->ctx, "Could not open a new PTY: %s\n", strerror(-r));
 		return r;
 	}
diff --git a/src/pakfire/pty.c b/src/pakfire/pty.c
index 43dc7c29..b056d606 100644
--- a/src/pakfire/pty.c
+++ b/src/pakfire/pty.c
@@ -1330,6 +1330,33 @@ struct pakfire_pty* pakfire_pty_unref(struct pakfire_pty* pty) {
 	return NULL;
 }
 
+static int pakfire_pty_connect_null(struct pakfire_pty* pty) {
+	int fd = -EBADF;
+	int r;
+
+	// Open /dev/null
+	fd = open("/dev/null", O_RDONLY);
+	if (fd < 0) {
+		ERROR(pty->ctx, "Failed to open /dev/null: %m\n");
+		r = -errno;
+		goto ERROR;
+	}
+
+	// Copy to the desired file descriptor
+	r = dup2(fd, STDIN_FILENO);
+	if (r < 0) {
+		ERROR(pty->ctx, "Failed to duplicate the file descriptor: %m\n");
+		r = -errno;
+		goto ERROR;
+	}
+
+ERROR:
+	if (fd >= 0)
+		close(fd);
+
+	return r;
+}
+
 /*
 	Sets up the terminal in the child process...
 */
@@ -1348,11 +1375,19 @@ static int pakfire_pty_setup_terminal(struct pakfire_pty* pty) {
 	DEBUG(pty->ctx, "Opened a new terminal %d\n", fd);
 
 	// Connect the new terminal to standard input
-	r = dup2(fd, STDIN_FILENO);
-	if (r < 0) {
-		ERROR(pty->ctx, "Failed to open standard input: %s\n", strerror(errno));
-		r = -errno;
-		goto ERROR;
+	if (pakfire_pty_has_flag(pty, PAKFIRE_PTY_CONNECT_STDIN)) {
+		r = dup2(fd, STDIN_FILENO);
+		if (r < 0) {
+			ERROR(pty->ctx, "Failed to open standard input: %s\n", strerror(errno));
+			r = -errno;
+			goto ERROR;
+		}
+
+	// Otherwise we connect standard input to /dev/null
+	} else {
+		r = pakfire_pty_connect_null(pty);
+		if (r < 0)
+			goto ERROR;
 	}
 
 	// Connect the new terminal to standard output
-- 
2.39.5