Add a close_fd_above_stderr flag to struct child_process. When set,
the child closes file descriptors 3 and above between fork and exec
(skipping the child-notifier pipe), capped at sysconf(_SC_OPEN_MAX)
or 4096, whichever is smaller. This prevents the child from
inheriting pipe endpoints or other descriptors from the parent
environment (e.g., the test harness).
Signed-off-by: Paul Tarjan <github@paulisageek.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
"restoring signal mask");
#endif
}
+
#endif /* GIT_WINDOWS_NATIVE */
static inline void set_cloexec(int fd)
child_close(cmd->out);
}
+ if (cmd->close_fd_above_stderr) {
+ long max_fd = sysconf(_SC_OPEN_MAX);
+ int fd;
+ if (max_fd < 0 || max_fd > 4096)
+ max_fd = 4096;
+ for (fd = 3; fd < max_fd; fd++) {
+ if (fd != child_notifier)
+ close(fd);
+ }
+ }
+
if (cmd->dir && chdir(cmd->dir))
child_die(CHILD_ERR_CHDIR);
unsigned stdout_to_stderr:1;
unsigned clean_on_exit:1;
unsigned wait_after_clean:1;
+
+ /**
+ * Close file descriptors 3 and above in the child after forking
+ * but before exec. This prevents the child from inheriting
+ * pipe endpoints or other descriptors from the parent
+ * environment (e.g., the test harness).
+ */
+ unsigned close_fd_above_stderr:1;
+
void (*clean_on_exit_handler)(struct child_process *process);
};
projects / thirdparty / git.git / commitdiff
