From 6ea6e1476ff4a18d4b4b864c3065d18ed99c69af Mon Sep 17 00:00:00 2001
From: Ludovic Courtès <ludo@gnu.org>
Date: Tue, 18 Dec 2018 14:51:56 +0100
Subject: file-systems: Spawn a REPL only when interaction is possible.

Fixes <https://bugs.gnu.org/23697>.
Reported by Jan Nieuwenhuizen <janneke@gnu.org>.

* gnu/build/file-systems.scm (check-file-system): Call 'start-repl' only
if current-input-port passes 'isatty?'.
* gnu/services/shepherd.scm (shepherd-configuration-file): After
'for-each' expression, call 'redirect-port'.
* gnu/tests/base.scm (run-basic-test)["stdin is /dev/null"]: New test.
---
 gnu/services/shepherd.scm | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'gnu/services')

diff --git a/gnu/services/shepherd.scm b/gnu/services/shepherd.scm
index 49d08cc30f..12d649f542 100644
--- a/gnu/services/shepherd.scm
+++ b/gnu/services/shepherd.scm
@@ -281,7 +281,17 @@ stored."
                             (start service)))
                         '#$(append-map shepherd-service-provision
                                        (filter shepherd-service-auto-start?
-                                               services)))))))
+                                               services)))
+
+              ;; Hang up stdin.  At this point, we assume that 'start' methods
+              ;; that required user interaction on the console (e.g.,
+              ;; 'cryptsetup open' invocations, post-fsck emergency REPL) have
+              ;; completed.  User interaction becomes impossible after this
+              ;; call; this avoids situations where services wrongfully lead
+              ;; PID 1 to read from stdin (the console), which users may not
+              ;; have access to (see <https://bugs.gnu.org/23697>).
+              (redirect-port (open-input-file "/dev/null")
+                             (current-input-port))))))
 
     (scheme-file "shepherd.conf" config)))
 
-- 
cgit v1.2.3