From c77439298591792601f8c3f4c94950ef6e2c542a Mon Sep 17 00:00:00 2001
From: moneromooo-monero <moneromooo-monero@users.noreply.github.com>
Date: Tue, 16 Oct 2018 18:08:36 +0000
Subject: spawn: close all file descriptors before execve

No need to give whatever we're calling access to what we use
---
 src/common/spawn.cpp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/common/spawn.cpp')

diff --git a/src/common/spawn.cpp b/src/common/spawn.cpp
index 59f11675c..0a2ce8387 100644
--- a/src/common/spawn.cpp
+++ b/src/common/spawn.cpp
@@ -38,6 +38,7 @@
 #endif
 
 #include "misc_log_ex.h"
+#include "util.h"
 #include "spawn.h"
 
 namespace tools
@@ -101,6 +102,8 @@ int spawn(const char *filename, const std::vector<std::string>& args, bool wait)
   // child
   if (pid == 0)
   {
+    tools::closefrom(3);
+    close(0);
     char *envp[] = {NULL};
     execve(filename, argv, envp);
     MERROR("Failed to execve: " << strerror(errno));
-- 
cgit v1.2.3