diff options
author | smitsohu <smitsohu@gmail.com> | 2020-08-03 19:20:32 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-03 19:20:32 +0200 |
commit | b41532ab6c8578fd6df254a41d1be54c9331aa3f (patch) | |
tree | 978e2796a3ca9ad6e594e9f0e2a7ae5d1c4e8db2 /m4 | |
parent | Remove unused dummy source file (diff) | |
download | firejail-b41532ab6c8578fd6df254a41d1be54c9331aa3f.tar.gz firejail-b41532ab6c8578fd6df254a41d1be54c9331aa3f.tar.zst firejail-b41532ab6c8578fd6df254a41d1be54c9331aa3f.zip |
don't run with closed standard streams
Ensure that all standard streams are open and we don't inadvertently print to files opened for a different reason; in general we can expect glibc
to take care of this, but it doesn't cover the case where a sandbox is started by root. The added code also serves as a fallback.
Unrelated: For what it's worth, shift umask call closer to main start, so it runs before lowering privileges and before anything can really go wrong.
Diffstat (limited to 'm4')
0 files changed, 0 insertions, 0 deletions