diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-17 23:15:03 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-18 00:42:32 +0100 |
| commit | 044a4cb8b4ba06c6355c5e9978cd5dbfe9df94b2 (patch) | |
| tree | e94ccaf0f0ec9f05a9352536a54d7bd7edb4a1c5 | |
| parent | d6f008f8a3a9724e5acbcb8b9df29304279f4106 (diff) | |
webserver: reopen stdin from /dev/null.
Having both lacme(8) and its webserver component reading from the same
standard input could yield starvation.
| -rw-r--r-- | Changelog | 1 | ||||
| -rwxr-xr-x | lacme | 1 |
2 files changed, 2 insertions, 0 deletions
@@ -51,6 +51,7 @@ lacme (0.7.1) upstream; $(sbindir)/lacme. - client: avoid "Use of uninitialized value in pattern match (m//)" perl warnings when the accountd socket can't be reached. + - webserver: reopen stdin from /dev/null. -- Guilhem Moulin <guilhem@fripost.org> Wed, 09 Dec 2020 18:23:22 +0100 @@ -374,6 +374,7 @@ sub spawn_webserver() { my $pid = fork() // "fork: $!"; unless ($pid) { drop_privileges($conf->{user}, $conf->{group}, $tmpdir); + open STDIN, '<', '/dev/null' or die "open(/dev/null): $!"; set_FD_CLOEXEC($sock, 0); $ENV{DEBUG} = $OPTS{debug}; # use execve(2) rather than a Perl pseudo-process to ensure that |