From e6bbc83e0bf6d176d692eef51719672cd34011b1 Mon Sep 17 00:00:00 2001
From: Marek Marczykowski <marmarek@invisiblethingslab.com>
Date: Mon, 17 Oct 2011 02:08:53 +0200
Subject: [PATCH] vm: use fork/close/exec for calling editor (#358)

To make sure that path is properly passed (no shell escapes etc).
---
 appvm/vm-file-editor.c | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

diff --git a/appvm/vm-file-editor.c b/appvm/vm-file-editor.c
index 283bb3e1..dc72f3ba 100644
--- a/appvm/vm-file-editor.c
+++ b/appvm/vm-file-editor.c
@@ -51,23 +51,45 @@ main()
 	char cmdbuf[512];
 	struct stat stat_pre, stat_post;
 	char *filename = get_filename();
+	int child, status, log_fd;
 
 	copy_file(filename);
 	if (stat(filename, &stat_pre)) {
 		perror("stat pre");
 		exit(1);
 	}
-	snprintf(cmdbuf, sizeof(cmdbuf),
-		 "HOME=/home/user DISPLAY=:0 /usr/bin/mimeopen -n -M '%s' > /tmp/kde-open.log 2>&1 </dev/null",
-		 filename);
-	if (system(cmdbuf))
+	switch (child = fork()) {
+		case -1:
+			perror("fork");
+			exit(1);
+		case 0:
+			close(0);
+			log_fd = open("/tmp/mimeopen.log", O_CREAT | O_APPEND, 0666);
+			if (log_fd == -1) {
+				perror("open /tmp/mimeopen.log");
+				exit(1);
+			}
+			dup2(log_fd, 1);
+			dup2(log_fd, 2);
+			close(log_fd);
+
+			setenv("HOME", "/home/user", 1);
+			setenv("DISPLAY", ":0", 1);
+			execl("/usr/bin/mimeopen", "mimeopen", "-n", "-M", filename);
+			perror("execl");
+			exit(1);
+		default:
+			waitpid(child, &status, 0);
+			if (status != 0) {
 #ifdef USE_KDIALOG
-		system
-		    ("HOME=/home/user DISPLAY=:0 /usr/bin/kdialog --sorry 'Unable to handle mimetype of the requested file!' > /tmp/kdialog.log 2>&1 </dev/null");
+				system
+					("HOME=/home/user DISPLAY=:0 /usr/bin/kdialog --sorry 'Unable to handle mimetype of the requested file!' > /tmp/kdialog.log 2>&1 </dev/null");
 #else
-		system
-		    ("HOME=/home/user DISPLAY=:0 /usr/bin/zenity --error --text 'Unable to handle mimetype of the requested file!' > /tmp/kdialog.log 2>&1 </dev/null");
+				system
+					("HOME=/home/user DISPLAY=:0 /usr/bin/zenity --error --text 'Unable to handle mimetype of the requested file!' > /tmp/kdialog.log 2>&1 </dev/null");
 #endif
+			}
+	}
 
 	if (stat(filename, &stat_post)) {
 		perror("stat post");