| -rwxr-xr-x | letsencrypt | 4 | 
1 files changed, 2 insertions, 2 deletions
| diff --git a/letsencrypt b/letsencrypt
index 23659d5..2b0249c 100755
--- a/letsencrypt
+++ b/letsencrypt
@@ -410,6 +410,8 @@ sub acme_client($@) {
         die "connect: $!";
     }
+    # use execve(2) rather than a Perl pseudo-process to ensure that the
+    # child doesn't have access to the parent's memory
     my @fileno = map { fileno($_) =~ /^(\d+)$/ ? $1 : die } ($CONFFILE, $client); # untaint fileno
     spawn({%$args{qw/in out/}, child => sub() {
         drop_privileges($conf->{user}, $conf->{group}, $args->{chdir} // '/');
@@ -448,8 +450,6 @@ sub spawn($@) {
         } else {
             open STDOUT, '>', '/dev/null' or die "Can't open /dev/null: $!";
         }
-        # use execve(2) rather than a Perl pseudo-process to ensure that
-        # the child doesn't have access to the parent's memory
         exec { $exec[0] } @exec or die;
     }
     push @CLEANUP, sub() { | 
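Review bot: The relocated comment in acme_client now sits above the fileno untaint line and the spawn() call, while the `exec { $exec[0] } @exec or die;` it justifies is left without any rationale in spawn (second hunk). A later edit to spawn could replace the exec with in-process child code without seeing that the exec is what isolates the child from the parent's memory. I would keep a one-line pointer at the exec, e.g. `# must stay an exec: callers rely on it for memory isolation (see acme_client)`, and have the new comment name the mechanism, e.g. `# spawn() runs the client via execve(2) rather than a Perl pseudo-process ...`. The comment also covers memory only: descriptors without close-on-exec still cross the exec, which is presumably why $CONFFILE and $client are handed over by number here, and that is worth stating next to the untaint line. Both functions start and end outside the hunks, so how the descriptors are flagged is not visible from here.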
