From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 27 Apr 2023 13:33:01 +0000 (+0200)
Subject: shutdown: paranoia – close all fds we might get passed in
X-Git-Tag: v254-rc1~607
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dbecd3d6eeafb099bf946511d6885f74a0b80c9d;p=thirdparty%2Fsystemd.git

shutdown: paranoia – close all fds we might get passed in

We don't expect any fds (beyond 0…2) to be passed from the service
manager into systemd-shutdown, but let's better be safe then sorry.
---

diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c
index b1dac20c692..802be44a79d 100644
--- a/src/shutdown/shutdown.c
+++ b/src/shutdown/shutdown.c
@@ -338,6 +338,12 @@ int main(int argc, char *argv[]) {
         char *arguments[3];
         int cmd, r;
 
+        /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for
+         * example for logging. After all this tool's purpose is about detaching any pinned resources, and
+         * open file descriptors are the primary way to pin resources. Note that we don't really expect any
+         * fds to be passed here. */
+        (void) close_all_fds(NULL, 0);
+
         /* The log target defaults to console, but the original systemd process will pass its log target in through a
          * command line argument, which will override this default. Also, ensure we'll never log to the journal or
          * syslog, as these logging daemons are either already dead or will die very soon. */