[Libguestfs] [PATCH nbdkit 2/3] server: Disallow -FD for stdin/stdout/stderr.

[Richard W.M. Jones]

  $ ./nbdkit ssh host=localhost /nosuchfile password=-0 --run 'qemu-img info $nbd'
  abc
  fcntl: Bad file descriptor

The reason for this is that we close the file descriptor after reading
the password.  Closing stdin causes bad stuff to happen.
---
 docs/nbdkit-plugin.pod | 5 +++++
 server/public.c        | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/nbdkit-plugin.pod b/docs/nbdkit-plugin.pod
index 612688ab..7b8a5393 100644
--- a/docs/nbdkit-plugin.pod
+++ b/docs/nbdkit-plugin.pod
@@ -1249,6 +1249,11 @@ passed in a file.
 
 C<password=-> can only be used when stdin is a terminal.
 
+C<password=-FD> cannot be used with stdin, stdout or stderr
+(ie. C<-0>, C<-1> or C<-2>).  The reason is that after reading the
+password the file descriptor is closed, which causes bad stuff to
+happen.
+
 =head2 Safely interacting with stdin and stdout
 
  int nbdkit_stdio_safe (void);
diff --git a/server/public.c b/server/public.c
index dafdfbae..2e36e43a 100644
--- a/server/public.c
+++ b/server/public.c
@@ -433,8 +433,8 @@ nbdkit_read_password (const char *value, char **password)
 
     if (nbdkit_parse_int ("password file descriptor", &value[1], &fd) == -1)
       return -1;
-    if (fd == STDIN_FILENO && !nbdkit_stdio_safe ()) {
-      nbdkit_error ("stdin is not available for reading password");
+    if (fd == STDIN_FILENO || fd == STDOUT_FILENO || fd == STDERR_FILENO) {
+      nbdkit_error ("cannot use password -FD for stdin/stdout/stderr");
       return -1;
     }
     if (read_password_from_fd (&value[1], fd, password) == -1)
-- 
2.25.0