From eddb9419463e266c79d422ce5c4bbc91e579fbcd Mon Sep 17 00:00:00 2001
From: netblue30
Date: Wed, 19 Oct 2016 14:30:30 -0400
Subject: replaced exit with _exit in forked child
---
 src/faudit/syscall.c | 3 ++-
 src/firejail/fs_bin.c | 4 +++-
 src/firejail/fs_etc.c | 4 +++-
 src/firejail/fs_home.c | 2 +-
 src/firejail/ls.c | 8 ++++----
 src/firejail/main.c | 2 +-
 src/firejail/netfilter.c | 12 ++++++++----
 src/firejail/x11.c | 12 ++++++------
 src/firemon/interface.c | 2 +-
 9 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/src/faudit/syscall.c b/src/faudit/syscall.c
index 9924be00f..3c87305df 100644
--- a/src/faudit/syscall.c
+++ b/src/faudit/syscall.c
@@ -92,7 +92,8 @@ void syscall_run(const char *name) {
 errExit("fork");
 if (child == 0) {
 execl(prog, prog, "syscall", name, NULL);
- exit(1);
+ perror("execl");
+ _exit(1);
 }
 // wait for the child to finish
diff --git a/src/firejail/fs_bin.c b/src/firejail/fs_bin.c
index e65474f44..ba0633649 100644
--- a/src/firejail/fs_bin.c
+++ b/src/firejail/fs_bin.c
@@ -192,6 +192,8 @@ static void duplicate(char *fname) {
 if (asprintf(&f, "%s/%s", RUN_BIN_DIR, fname) == -1)
 errExit("asprintf");
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", actual_path, f, NULL);
+ perror("execlp");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
@@ -245,7 +247,7 @@ void fs_private_bin_list(void) {
 duplicate(ptr);
 free(dlist);
 fs_logger_print();
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
diff --git a/src/firejail/fs_etc.c b/src/firejail/fs_etc.c
index fc9e40ca0..de29c312e 100644
--- a/src/firejail/fs_etc.c
+++ b/src/firejail/fs_etc.c
@@ -106,6 +106,8 @@ static void duplicate(char *fname) {
 if (asprintf(&f, "/etc/%s", fname) == -1)
 errExit("asprintf");
 execlp(RUN_CP_COMMAND, RUN_CP_COMMAND, "-a", "--parents", f, RUN_MNT_DIR, NULL);
+ perror("execlp");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
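Review bot: The parent in `duplicate()` (src/firejail/fs_bin.c) still calls `waitpid(child, NULL, 0);`, so the `_exit(1)` added after a failed `execlp` is never observed, and neither is a non-zero exit from the copy command itself. The same pattern is visible in `duplicate()` in src/firejail/fs_etc.c and after every child in src/firejail/netfilter.c, where it matters most: if the `execl(iptables_restore, …)` or `execl(ip6tables_restore, …)` child fails, sandbox setup appears to continue without the firewall rules loaded. Consider collecting the status, e.g. `int status; if (waitpid(child, &status, 0) == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)`, and treating failure as fatal at least on the netfilter paths. What each parent does after `waitpid` lies outside these hunks, so confirm there is no later check before changing behaviour.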
@@ -169,7 +171,7 @@ void fs_private_etc_list(void) {
 duplicate(ptr);
 free(dlist);
 fs_logger_print();
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
diff --git a/src/firejail/fs_home.c b/src/firejail/fs_home.c
index bd3c404e9..75cc3e732 100644
--- a/src/firejail/fs_home.c
+++ b/src/firejail/fs_home.c
@@ -641,7 +641,7 @@ void fs_private_home_list(void) {
 fs_logger_print(); // save the current log
 free(dlist);
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
diff --git a/src/firejail/ls.c b/src/firejail/ls.c
index 39efaa0a6..dba82be0b 100644
--- a/src/firejail/ls.c
+++ b/src/firejail/ls.c
@@ -358,7 +358,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 fprintf(stderr, "Error: Cannot read %s\n", fname1);
 exit(1);
 }
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
@@ -391,7 +391,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 exit(1);
 }
 fclose(fp);
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
@@ -445,7 +445,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 fprintf(stderr, "Error: Cannot read %s\n", src_fname);
 exit(1);
 }
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
@@ -494,7 +494,7 @@ void sandboxfs(int op, pid_t pid, const char *path1, const char *path2) {
 }
 }
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
diff --git a/src/firejail/main.c b/src/firejail/main.c
index 987a79d1c..0872a11bb 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -2506,7 +2506,7 @@ int main(int argc, char **argv) {
 network_main(child);
 if (arg_debug)
 printf("Host network configured\n");
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
diff --git a/src/firejail/netfilter.c b/src/firejail/netfilter.c
index b50d61039..c1f9a2c37 100644
--- a/src/firejail/netfilter.c
+++ b/src/firejail/netfilter.c
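Review bot: The error branches just above the changed lines in `sandboxfs()` (src/firejail/ls.c) still end in `exit(1)`: after the `fname1` message in the hunk at `@@ -358,7`, before `fclose(fp);` at `@@ -391,7`, and after the `src_fname` message at `@@ -445,7`. If these branches run in the forked child, as the closing braces suggest, they still run any atexit handlers inherited from the parent and flush inherited stdio buffers, which is what this commit sets out to stop on the success path. Change each of them to `_exit(1);`. The child blocks begin outside the hunks, so check for further `exit()` calls earlier in each block.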
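Review bot: `_exit(0)` does not flush stdio, so the `printf("Host network configured\n");` directly before it in `main()` can be lost whenever stdout is a pipe or a file rather than a terminal. The same applies in `print_sandbox()` in src/firemon/interface.c, where `net_ifprint();` and `printf("\n");` precede the new `_exit(0)` and look like the command's real output (assuming `net_ifprint` writes through stdio). Add `fflush(stdout);` before `_exit(0);` in both places. If the parent can hold unflushed output when it forks, flush it before the `fork()` as well so the child does not emit it a second time.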
@@ -145,7 +145,8 @@ void netfilter(const char *fname) {
 // wipe out environment variables
 environ = NULL;
 execl(iptables_restore, iptables_restore, NULL);
- // it will never get here!!!
+ perror("execl");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
@@ -163,7 +164,8 @@ void netfilter(const char *fname) {
 errExit("setregid");
 environ = NULL;
 execl(iptables, iptables, "-vL", NULL);
- // it will never get here!!!
+ perror("execl");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
@@ -256,7 +258,8 @@ void netfilter6(const char *fname) {
 // wipe out environment variables
 environ = NULL;
 execl(ip6tables_restore, ip6tables_restore, NULL);
- // it will never get here!!!
+ perror("execl");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
@@ -269,7 +272,8 @@ void netfilter6(const char *fname) {
 if (child == 0) {
 environ = NULL;
 execl(ip6tables, ip6tables, "-vL", NULL);
- // it will never get here!!!
+ perror("execl");
+ _exit(1);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
diff --git a/src/firejail/x11.c b/src/firejail/x11.c
index d40d349e1..c79f1a74e 100644
--- a/src/firejail/x11.c
+++ b/src/firejail/x11.c
@@ -314,7 +314,7 @@ void x11_start_xephyr(int argc, char **argv) {
 execvp(server_argv[0], server_argv);
 perror("execvp");
- exit(1);
+ _exit(1);
 }
 if (arg_debug)
@@ -355,7 +355,7 @@ void x11_start_xephyr(int argc, char **argv) {
 execvp(jail_argv[0], jail_argv);
 perror("execvp");
- exit(1);
+ _exit(1);
 }
 // cleanup
@@ -434,7 +434,7 @@ void x11_start_xpra(int argc, char **argv) {
 execvp(server_argv[0], server_argv);
 perror("execvp");
- exit(1);
+ _exit(1);
 }
 // check X11 socket
@@ -480,7 +480,7 @@ void x11_start_xpra(int argc, char **argv) {
 execvp(attach_argv[0], attach_argv);
 perror("execvp");
- exit(1);
+ _exit(1);
 }
 setenv("DISPLAY", display_str, 1);
@@ -536,7 +536,7 @@ void x11_start_xpra(int argc, char **argv) {
 }
 execvp(stop_argv[0], stop_argv);
 perror("execvp");
- exit(1);
+ _exit(1);
 }
 // wait for xpra server to stop, 10 seconds limit
@@ -672,7 +672,7 @@ void x11_xorg(void) {
 execlp("/usr/bin/xauth", "/usr/bin/xauth", "-f", RUN_XAUTHORITY_SEC_FILE, "generate", display, "MIT-MAGIC-COOKIE-1", "untrusted", NULL);
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
 waitpid(child, NULL, 0);
diff --git a/src/firemon/interface.c b/src/firemon/interface.c
index 5a89e1491..bceed93d3 100644
--- a/src/firemon/interface.c
+++ b/src/firemon/interface.c
@@ -146,7 +146,7 @@ static void print_sandbox(pid_t pid) {
 return;
 net_ifprint();
 printf("\n");
- exit(0);
+ _exit(0);
 }
 // wait for the child to finish
--
cgit v1.2.3-54-g00ecf
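Review bot: In `x11_xorg()` a failed `execlp("/usr/bin/xauth", …)` falls straight through to `_exit(0)`, so the child reports success and prints nothing, unlike the other exec sites touched by this commit. Follow the call with `perror("execlp");` and `_exit(1);`. Because the parent's `waitpid(child, NULL, 0);` discards the status, the untrusted cookie expected in `RUN_XAUTHORITY_SEC_FILE` can be missing without any signal. Whether the code after this hunk checks that the file exists cannot be seen here.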