Author: mturk
Date: Mon Jan 11 08:56:51 2010
New Revision: 897801
URL: http://svn.apache.org/viewvc?rev=897801&view=rev
Log:
Close all extra files using fdwalk
Modified:
commons/sandbox/runtime/trunk/src/main/native/os/unix/exec.c
Modified: commons/sandbox/runtime/trunk/src/main/native/os/unix/exec.c
URL:
http://svn.apache.org/viewvc/commons/sandbox/runtime/trunk/src/main/native/os/unix/exec.c?rev=897801&r1=897800&r2=897801&view=diff
==============================================================================
--- commons/sandbox/runtime/trunk/src/main/native/os/unix/exec.c (original)
+++ commons/sandbox/runtime/trunk/src/main/native/os/unix/exec.c Mon Jan 11
08:56:51 2010
@@ -57,6 +57,7 @@
#define PIPE_SIGPID 8
#define PIPE_SIGPID_RDS 8
#define PIPE_SIGPID_WRS 9
+#define PIPE_COUNT 10
ACR_DECLARE(acr_exec_t *) ACR_ExecNew(int flags)
{
@@ -140,8 +141,30 @@
return 0;
}
-static int do_exec(acr_exec_t *ep, const char *cmdline,
- char **argv,
+static int fdwalker(void *data , int fd)
+{
+ int i;
+ int *pipes = (int *)data;
+
+ if (fd < 3) {
+ /* Do not close std file descriptors
+ */
+ return 0;
+ }
+ for (i = 0; i < PIPE_COUNT; i++) {
+ if (pipes[i] == fd) {
+ /* This is one of our own's.
+ */
+ return 0;
+ }
+ }
+ /* Close the file
+ */
+ return close(fd);
+}
+
+static int do_exec(acr_exec_t *ep, const char *executable,
+ char *const *argv,
char *const *envp)
{
pid_t pid;
@@ -149,9 +172,9 @@
int i;
int rc = 0;
int exitval;
- int pipes[10] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 };
- int sigerr = 0;
- pid_t sigpid = 0;
+ int pipes[PIPE_COUNT] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 };
+ int sigerr = 0;
+ pid_t sigpid = 0;
/* By default process terminates when writting to a
* pipe with no readers.
@@ -167,7 +190,7 @@
ACR_PROC_HAS_STDOUT |
ACR_PROC_HAS_STDERR);
}
- /* Create standard stream pipes
+ /* Create standard stream pipes
*/
if (ep->flags & ACR_PROC_HAS_STDIN && ep->data.iov_len) {
if ((rc = pipepair(&pipes[PIPE_STDINP], ACR_PIPE_READ_BLOCK)))
@@ -200,12 +223,6 @@
}
else if (pid == 0) {
/* Child process */
- const char *args[4];
-
- args[0] = SHELL_PATH;
- args[1] = "-c";
- args[2] = cmdline;
- args[3] = NULL;
/* Close child side of pipes
*/
@@ -219,7 +236,7 @@
* This forces parent to wait until actual
* exec is performed or until the error is
* written to the signal pipe.
- * In case of detached process the close
+ * In case of detached process the close
*/
if (!(ep->flags & ACR_PROC_DETACHED)) {
acr_cloexec(pipes[PIPE_SIGERR_WRS]);
@@ -276,6 +293,10 @@
}
i_close(&pipes[PIPE_STDOUT_WRS]);
i_close(&pipes[PIPE_STDERR_WRS]);
+ /* Close all descriptors except our pipes
+ * using fdwalk
+ */
+ fdwalk(fdwalker, pipes);
/* Only try to switch if we are running as root
*/
@@ -294,14 +315,12 @@
if ((rc = limit_proc(&ep->limit)))
goto child_cleanup;
- if (argv == NULL)
- argv = (char **)args;
if (ep->flags & ACR_PROC_DETACHED) {
/* Time to do detach the process.
*/
/* Should this be configurable ?
- */
+ */
umask(0077);
if (chdir("/") == -1) {
@@ -355,15 +374,15 @@
}
}
if (envp)
- execve(argv[0], (char * const *)argv, envp);
+ execve(executable, argv, envp);
else {
if (ep->flags & ACR_PROC_USE_PATH) {
if (!getenv("PATH"))
ACR_EnvSet("PATH", DEFAULT_PATH);
- execvp(argv[0], (char * const *)argv);
+ execvp(executable, argv);
}
else
- execv(argv[0], (char * const *)argv);
+ execv(executable, argv);
}
rc = ACR_GET_OS_ERROR();
@@ -599,7 +618,7 @@
cleanup:
ep->exitwhy = ACR_PARENT_ERROR;
ep->exitval = rc;
- for (i = 0; i < 10; i++)
+ for (i = 0; i < PIPE_COUNT; i++)
s_close(pipes[i]);
ACR_Signal(SIGPIPE, SIG_DFL);
return ep->exitwhy;
@@ -608,7 +627,11 @@
ACR_DECLARE(int) ACR_ExecShellCmd(acr_exec_t *ep, const char *cmdline,
char *const *envp)
{
- return do_exec(ep, cmdline, NULL, envp);
+ int rc;
+ const char *sa[4] = { SHELL_PATH, "-c", cmdline, NULL };
+ rc = do_exec(ep, SHELL_PATH, (char *const *)sa, envp);
+
+ return rc;
}
ACR_DECLARE(int) ACR_ExecShellScript(acr_exec_t *ep, const char *fname,
@@ -624,7 +647,7 @@
ep->exitwhy = ACR_PARENT_ERROR;
return ep->exitwhy;
}
- rc = do_exec(ep, fname, args, envp);
+ rc = do_exec(ep, SHELL_PATH, args, envp);
x_free(args);
return rc;
