From dbecd3d6eeafb099bf946511d6885f74a0b80c9d Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Thu, 27 Apr 2023 15:33:01 +0200 Subject: =?UTF-8?q?shutdown:=20paranoia=20=E2=80=93=20close=20all=20fds=20?= =?UTF-8?q?we=20might=20get=20passed=20in?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We don't expect any fds (beyond 0…2) to be passed from the service manager into systemd-shutdown, but let's better be safe than sorry. --- src/shutdown/shutdown.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'src/shutdown') diff --git a/src/shutdown/shutdown.c b/src/shutdown/shutdown.c index b1dac20c69..802be44a79 100644 --- a/src/shutdown/shutdown.c +++ b/src/shutdown/shutdown.c @@ -338,6 +338,12 @@ int main(int argc, char *argv[]) { char *arguments[3]; int cmd, r; + /* Close random fds we might have get passed, just for paranoia, before we open any new fds, for + * example for logging. After all this tool's purpose is about detaching any pinned resources, and + * open file descriptors are the primary way to pin resources. Note that we don't really expect any + * fds to be passed here. */ + (void) close_all_fds(NULL, 0); + /* The log target defaults to console, but the original systemd process will pass its log target in through a * command line argument, which will override this default. Also, ensure we'll never log to the journal or * syslog, as these logging daemons are either already dead or will die very soon. */ -- cgit v1.2.1
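Review bot: the `(void) close_all_fds(NULL, 0);` call added at the top of main() discards its return value, so if closing fails, any inherited descriptor stays open and keeps its resource pinned without leaving a trace. Logging is not configured yet at that point, so consider storing the result in the already declared `r` and reporting it at debug level once the log target has been set up in the block that follows. The new comment also reads "might have get passed", where "might have been passed" is meant. The placement before the log setup matches the reasoning in the comment; keeping the call as the first statement after the declarations ensures it can never close a descriptor that main() opened itself.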