sort,split,yes: ensure pipe and pipe2 don't open standard descriptors

* bootstrap.conf (gnulib_modules): Add pipe2-safer.
* cfg.mk (sc_require_unistd_safer): New rule for 'make syntax-check'.
* gl/lib/fd-reopen.c: Include unistd--.h instead of unistd.h.
* src/sort.c: Include unistd--.h.
* src/split.c: Likewise.
* src/yes.c: Likewise.

diff --git a/bootstrap.conf b/bootstrap.conf
index 5f15a82f906fc0063267a88d02307f2af1bf3fd7..6119c0f88ac20619bb490743fa82f478a7589aca 100644 (file)
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -213,6 +213,7 @@ gnulib_modules="
   physmem
   pipe-posix
   pipe2
+  pipe2-safer
   posix-shell
   posix_spawn
   posix_spawn_file_actions_addclose

diff --git a/cfg.mk b/cfg.mk
index 27b63f93b0429e62d38c58a8294312f7ad6ade8b..aa2c86e23d209ffa112c4459c3f86f3655b46842 100644 (file)
--- a/cfg.mk
+++ b/cfg.mk
@@ -603,6 +603,19 @@ sc_require_stdlib_safer:
        else :;                                                         \
        fi
 
+# Ensure that "unistd--.h" is used where appropriate.
+sc_require_unistd_safer:
+       @if $(VC_LIST_EXCEPT) | grep -l '\.[ch]$$' > /dev/null; then    \
+         files=$$(grep -El '$(begword)(pipe2?|dup[23]?) ?\('           \
+                  $$($(VC_LIST_EXCEPT)                                 \
+             | grep '\.[ch]$$'));                                      \
+         test -n "$$files" && grep -LE 'include "unistd--.h"' $$files  \
+             | grep . &&                                               \
+         { echo '$(ME): the above files should use "unistd--.h"'       \
+               1>&2; exit 1; } || :;                                   \
+       else :;                                                         \
+       fi
+
 sc_prohibit_perl_hash_quotes:
        @prohibit="\{'[A-Z_]+' *[=}]"                                   \
        halt="in Perl code, write \$$hash{KEY}, not \$$hash{'K''EY'}"   \

diff --git a/gl/lib/fd-reopen.c b/gl/lib/fd-reopen.c
index 10fb40bbd1a77abc1a7a804566d9c0e7ab9a2ea7..607235febcd49d2450f364a5ff49d59c20ccbd51 100644 (file)
--- a/gl/lib/fd-reopen.c
+++ b/gl/lib/fd-reopen.c
@@ -23,7 +23,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
-#include <unistd.h>
+#include "unistd--.h"
 
 /* Open a file to a particular file descriptor.  This is like standard
    'open', except it always returns DESIRED_FD if successful.  */

diff --git a/src/sort.c b/src/sort.c
index c35890ec22e67ac6da112dbcf45eb09bf14697cf..e20ed2c8f1075f9fea8762b5ad788796d23af8b3 100644 (file)
--- a/src/sort.c
+++ b/src/sort.c
@@ -51,6 +51,7 @@
 #include "stdlib--.h"
 #include "strnumcmp.h"
 #include "term-sig.h"
+#include "unistd--.h"
 #include "xmemcoll.h"
 #include "xnanosleep.h"
 #include "xstrtol.h"

diff --git a/src/split.c b/src/split.c
index e5fd0ae2e36802bd37fc882c688c291f4ffd4fad..4786df8279478e8ba65b77892535a6855a26d48a 100644 (file)
--- a/src/split.c
+++ b/src/split.c
@@ -40,6 +40,7 @@
 #include "sig2str.h"
 #include "sys-limits.h"
 #include "temp-stream.h"
+#include "unistd--.h"
 #include "xbinary-io.h"
 #include "xdectoint.h"
 #include "xstrtol.h"

diff --git a/src/yes.c b/src/yes.c
index 91e540eba9c408e12d50266b382b5c7752b881fb..1a1d74ce5eb028a8e798d9598551f78dc73e50c4 100644 (file)
--- a/src/yes.c
+++ b/src/yes.c
@@ -27,6 +27,7 @@
 #include "full-write.h"
 #include "isapipe.h"
 #include "long-options.h"
+#include "unistd--.h"
 
 /* The official name of this program (e.g., no 'g' prefix).  */
 #define PROGRAM_NAME "yes"