spawn: close all file descriptors before execve

No need to give whatever we're calling access to what we use
2025-12-23 07:29:11 -08:00 · 2018-10-16 18:08:36 +00:00
parent 5c85da5a73
commit c774392985
3 changed files with 25 additions and 0 deletions
--- a/src/common/spawn.cpp
+++ b/src/common/spawn.cpp
@@ -38,6 +38,7 @@
 #endif

 #include "misc_log_ex.h"
+#include "util.h"
 #include "spawn.h"

 namespace tools
@@ -101,6 +102,8 @@ int spawn(const char *filename, const std::vector<std::string>& args, bool wait)
  // child
  if (pid == 0)
  {
+    tools::closefrom(3);
+    close(0);
    char *envp[] = {NULL};
    execve(filename, argv, envp);
    MERROR("Failed to execve: " << strerror(errno));