atagen/inshellah
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

run subprocesses in /tmp to avoid cwd pollution

Browse source 
Commands like ckb-next-dev-detect write side-effect files (reports,
tarballs) into the working directory when invoked with --help. Chdir
to /tmp around create_process_env so these don't land in the project
tree.
This commit is contained in:
atagen 2026-03-23 02:20:27 +11:00
parent 1d0d3465c1
commit 3080a5f64d
2 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
bin/main.ml
View file

@ -70,11 +70,16 @@ let run_cmd args timeout_ms =
let (rd, wr) = Unix.pipe () in
let devnull = Unix.openfile "/dev/null" [Unix.O_RDONLY] 0 in
let argv = Array.of_list args in
(* Run subprocesses in /tmp so commands that write side-effect files
(e.g. ckb-next-dev-detect-report.gz) don't pollute the working dir *)
let saved_cwd = Sys.getcwd () in
Sys.chdir "/tmp";
let pid =
try Unix.create_process_env (List.hd args) argv
(Lazy.force safe_env) devnull wr wr
with Unix.Unix_error _ ->
Unix.close rd; Unix.close wr; Unix.close devnull; -1 in
Sys.chdir saved_cwd;
Unix.close wr; Unix.close devnull;
if pid < 0 then (Unix.close rd; None)
else begin