On Wed, Sep 02, 2009 at 06:12:18PM -0500, Nicolas Williams wrote: > On Wed, Sep 02, 2009 at 07:12:08PM -0400, James Carlson wrote: > > I think that's slightly inferior: it requires an extra fd for no reason > > at all and thus adds an unnecessary failure mode. I like the close(0), > > open, dup2(0,1), dup2(0,2) model better. And closing 1 and 2 first is > > even better for (implausible) security reasons. > > I prefer to fail with an extra fildes open for /dev/null (though the > code I posted wouldn't allow that) than to fail with no fildes 0. Yes, > it's just paranoia.
Oh, I suppose the close(2) could fail. (As could the dup2()s.) It's better if you fail with an extra /dev/null fildes, and/or without having succeeded at replacing stdin/out/err, than it would be to fail with no fildes 0.
