Use closefrom if available

2025-01-21 19:47:59 +00:00 · 2019-03-13 09:58:32 -04:00 · 2019-03-13 09:58:32 -04:00 · d529026f11
commit d529026f11
parent 09178676ce
4 changed files with 31 additions and 0 deletions
--- a/autologin/autologin.c
+++ b/autologin/autologin.c
@ -206,9 +206,13 @@ Process(void)

    /* Close open files
     */
+#if HAVE_CLOSEFROM
+    closefrom((char *)0 == pcTty ? 3 : 0);
+#else
    for (i = (char *)0 == pcTty ? 3 : 0; i < getdtablesize(); ++i) {
 	(void)close(i);
    }
+#endif

    /* Make us a session leader so that when we open /dev/tty
     * it will become our controlling terminal.
--- a/conserver/consent.c
+++ b/conserver/consent.c
@ -454,11 +454,19 @@ StartInit(CONSENT *pCE)

    /* setup new process with clean file descriptors
     */
+#if HAVE_CLOSEFROM
+    for (i = 3; i <= pout[0] || i <= pin[1]; i++) {
+	if (i != pout[0] && i != pin[1])
+	    close(i);
+    }
+    closefrom(i);
+#else
    i = GetMaxFiles();
    for ( /* i above */ ; --i > 2;) {
 	if (i != pout[0] && i != pin[1])
 	    close(i);
    }
+#endif
    /* leave 2 until we have to close it */
    close(1);
    close(0);
@ -592,11 +600,18 @@ VirtDev(CONSENT *pCE)

    /* setup new process with clean filew descriptors
     */
+#if HAVE_CLOSEFROM
+    for (i = 3; i < pCE->execSlaveFD; i++)
+	close(i);
+    i++;
+    closefrom(i);
+#else
    i = GetMaxFiles();
    for ( /* i above */ ; --i > 2;) {
 	if (i != pCE->execSlaveFD)
 	    close(i);
    }
+#endif
    /* leave 2 until we *have to close it*
     */
    close(1);
--- a/conserver/group.c
+++ b/conserver/group.c
@ -1810,10 +1810,14 @@ StartTask(CONSENT *pCE, char *cmd, uid_t uid, gid_t gid)

    /* setup new process with clean file descriptors
     */
+#if HAVE_CLOSEFROM
+    closefrom(3);
+#else
    i = GetMaxFiles();
    for ( /* i above */ ; --i > 2;) {
 	close(i);
    }
+#endif

    if (geteuid() == 0) {
 	if (gid != 0)
--- a/console/console.c
+++ b/console/console.c
@ -910,11 +910,19 @@ ExecCmd(void)
    /* setup new process with clean file descriptors
     * stderr still goes to stderr...so user sees it
     */
+#ifdef HAVE_CLOSEFROM
+    for (i = 3; i <= pout[0] || i <= pin[1]; i++) {
+	if (i != pout[0] && i != pin[1])
+	    close(i);
+    }
+    closefrom(i);
+#else
    i = GetMaxFiles();
    for ( /* i above */ ; --i > 3;) {
 	if (i != pout[0] && i != pin[1])
 	    close(i);
    }
+#endif
    close(1);
    close(0);