Mark McLoughlin <markmc@xxxxxxxxxx> wrote:
> Implement a sane policy around our use of FD_CLOEXEC:
>
> 1) Every descriptor which shouldn't be passed to
> child processes should have the flag set
>
> 2) Let exec() do the descriptor closing, rather
> than us doing it ourselves
...
> - for (i = 0; i < open_max; i++) {
> - if (i != STDOUT_FILENO &&
> - i != STDERR_FILENO &&
> - i != STDIN_FILENO)
> - close(i);
> - else if (errors == NO_ERRORS)
> - dup2(null, i);
> + if (errors == NO_ERRORS) {
> + dup2(null, STDIN_FILENO);
> + dup2(null, STDOUT_FILENO);
> + dup2(null, STDERR_FILENO);
> + close(null);
> }
True, dup2 failure wasn't checked before either,
but it *can* fail. Best to diagnose it, just in case.