close /dev/tty in lisp itself instead of rm /dev/tty

the previous solution was a hack and this should be much better

Dockerfile

@@ -54,7 +54,6 @@ EXPOSE 8080
 
 HEALTHCHECK --interval=1m --timeout=3s CMD curl -f 'http://localhost:8080/goemaxima?health=1'
 
-# rm /dev/tty because we do not want it to be opened by maxima for security reasons,
-# and clear tmp because when kubernetes restarts a pod, it keeps the /tmp content even if it's tmpfs,
+# clear tmp because when kubernetes restarts a pod, it keeps the /tmp content even if it's tmpfs,
 # which means that on a restart caused by an overfull tmpfs, it will keep restarting in a loop
-CMD rm /dev/tty && cd /tmp && rm --one-file-system -rf * && exec tini ${BIN}/goweb ${BIN}/maxima-optimised
+CMD cd /tmp && rm --one-file-system -rf * && exec tini ${BIN}/goweb ${BIN}/maxima-optimised

assets/maxima-fork.lisp

@@ -23,6 +23,10 @@
   #+sb-thread (sb-thread::with-system-mutex (sb-thread::*make-thread-lock*)
 		(sb-impl::finalizer-thread-stop))
   (finish-output)
+  ;;; in order to prevent TIOCSTI related shenanigans, close the tty
+  ;;; (the native C function calls closefrom(3) so the tty fd will be closed as well)
+  (close *terminal-io*)
+  (setf *terminal-io* (make-two-way-stream sb-sys:*stdin* sb-sys:*stdout*))
   (let ((tmp-dir (fork-new-process)))
     #+sb-thread (sb-impl::finalizer-thread-start)
     (when (not tmp-dir)