From acdf988c24c51129ed3ad9929b6ed8482b9abe54 Mon Sep 17 00:00:00 2001 From: mlugg Date: Sun, 26 May 2024 01:50:54 +0100 Subject: [PATCH] std.process.Child: prevent racing children from inheriting progress pipes This fix is already in master branch for stdin, stdout, and stderr; this commit solves the same problem but for the progress pipe. Both fixes were originally included in one commit on this branch, however it was split it into two so that master branch could receive the fix before the progress branch is merged. --- lib/std/process/Child.zig | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/lib/std/process/Child.zig b/lib/std/process/Child.zig index c1f935a852..1be56fc489 100644 --- a/lib/std/process/Child.zig +++ b/lib/std/process/Child.zig @@ -587,8 +587,8 @@ fn spawnPosix(self: *ChildProcess) SpawnError!void { if (self.progress_node.index == .none) { break :p .{ -1, -1 }; } else { - // No CLOEXEC because the child needs access to this file descriptor. - break :p try posix.pipe2(.{ .NONBLOCK = true }); + // We use CLOEXEC for the same reason as in `pipe_flags`. + break :p try posix.pipe2(.{ .NONBLOCK = true, .CLOEXEC = true }); } }; errdefer destroyPipe(prog_pipe); @@ -655,11 +655,6 @@ fn spawnPosix(self: *ChildProcess) SpawnError!void { setUpChildIo(self.stderr_behavior, stderr_pipe[1], posix.STDERR_FILENO, dev_null_fd) catch |err| forkChildErrReport(err_pipe[1], err); if (prog_pipe[1] != -1) posix.dup2(prog_pipe[1], prog_fileno) catch |err| forkChildErrReport(err_pipe[1], err); - if (prog_pipe[1] != -1) { - if (prog_pipe[0] != prog_fileno) posix.close(prog_pipe[0]); - if (prog_pipe[1] != prog_fileno) posix.close(prog_pipe[1]); - } - if (self.cwd_dir) |cwd| { posix.fchdir(cwd.fd) catch |err| forkChildErrReport(err_pipe[1], err); } else if (self.cwd) |cwd| {