From 044a4cb8b4ba06c6355c5e9978cd5dbfe9df94b2 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 17 Feb 2021 23:15:03 +0100 Subject: webserver: reopen stdin from /dev/null. Having both lacme(8) and its webserver component reading from the same standard input could yield starvation. --- Changelog | 1 + lacme | 1 + 2 files changed, 2 insertions(+) diff --git a/Changelog b/Changelog index 35503e9..c476ee1 100644 --- a/Changelog +++ b/Changelog @@ -51,6 +51,7 @@ lacme (0.7.1) upstream; $(sbindir)/lacme. - client: avoid "Use of uninitialized value in pattern match (m//)" perl warnings when the accountd socket can't be reached. + - webserver: reopen stdin from /dev/null. -- Guilhem Moulin Wed, 09 Dec 2020 18:23:22 +0100 diff --git a/lacme b/lacme index a5ba9f4..e5f8715 100755 --- a/lacme +++ b/lacme @@ -374,6 +374,7 @@ sub spawn_webserver() { my $pid = fork() // "fork: $!"; unless ($pid) { drop_privileges($conf->{user}, $conf->{group}, $tmpdir); + open STDIN, '<', '/dev/null' or die "open(/dev/null): $!"; set_FD_CLOEXEC($sock, 0); $ENV{DEBUG} = $OPTS{debug}; # use execve(2) rather than a Perl pseudo-process to ensure that -- cgit v1.2.3