cat aescling's git repositories - httpd-execline.git/commitdiff
adjust hiding client input to satisfy toybox
author single-right-quote <34298117+single-right-quote@users.noreply.github.com>
Wed, 8 Sep 2021 00:32:50 +0000 (00:32 +0000)
committer single-right-quote <34298117+single-right-quote@users.noreply.github.com>
Wed, 8 Sep 2021 01:11:08 +0000 (01:11 +0000)
when done reading from the client, we defensively close stdin, to
prevent potential bugs from being exploitable by malicious input

toybox opens /dev/null if stdin does not exist, which crashes in a
chrooted environment. piping in an empty string more or less
accomplishes the same thing as closing stdin would

i really do not know why toybox found this necessary.

visible-to-httpd/binaries/http-error-response.execline
visible-to-httpd/binaries/httpd.execline

index 7add6c12b996dd6112a20261438fe2560d3c9773..0311e21a28e7ff8df37ff1eecc6ef71a0d2975fe 100755 (executable)
@@ -4,7 +4,7 @@
 # if `configuration/status-code/table/${hostname}/${STATUS_CODE} exists, `cat(1)` that
 # otherwise, fall back on a very generic error message
 
-fdclose 0
+heredoc 0 ""
 foreground {
        if -t { s6-test \${#} = 3 }
                log.execline "fatal: ??"${1}"??: "${3}
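Review bot: the new `heredoc 0 ""` line in this script has no comment, so nothing in the file says why stdin is fed an empty string instead of being closed with `fdclose 0`. The reason exists only in the commit message (toybox opens /dev/null if stdin does not exist, which crashes in the chroot). Suggest a one-line comment directly above the line stating that, so a later cleanup does not revert it to `fdclose 0` and reintroduce the crash.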
index 85903ea332fb788c3b3eecdb099a35ca8575b72a..86c7a9f41450f7fe870326085a80f79173a15026 100755 (executable)
@@ -91,7 +91,7 @@ if -X -n -t {
        importas -i hostname http_header_parse_Host
 
        # we don’t need to read anything more from the client
-       fdclose 0
+       heredoc 0 ""
 
        foreground {
                log.execline
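Review bot: the comment above the changed line ("we don't need to read anything more from the client") states the intent but not why `heredoc 0 ""` is used rather than `fdclose 0`. With this change fd 0 is no longer absent; it stays open as an empty input for everything run after this point, including the `foreground { log.execline` block, which the commit message describes as "more or less" equivalent. Suggest extending the comment to say that stdin is deliberately replaced with an empty input because of the toybox behaviour in the chroot, using the same wording as in http-error-response.execline so both copies of the workaround can be found together.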