From 8fb7574646e34ad73d9a460196b9ab6d4ae2e45a Mon Sep 17 00:00:00 2001
From: Lennart Kramer <lennart.kramer@stud.uni-goettingen.de>
Date: Wed, 20 Jul 2022 15:50:22 +0200
Subject: [PATCH] close /dev/tty in lisp itself instead of rm /dev/tty

the previous solution was a hack and this should be much better
---
 Dockerfile              | 5 ++---
 assets/maxima-fork.lisp | 4 ++++
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 2311e7d..0183d7e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -54,7 +54,6 @@ EXPOSE 8080
 
 HEALTHCHECK --interval=1m --timeout=3s CMD curl -f 'http://localhost:8080/goemaxima?health=1'
 
-# rm /dev/tty because we do not want it to be opened by maxima for security reasons,
-# and clear tmp because when kubernetes restarts a pod, it keeps the /tmp content even if it's tmpfs,
+# clear tmp because when kubernetes restarts a pod, it keeps the /tmp content even if it's tmpfs,
 # which means that on a restart caused by an overfull tmpfs, it will keep restarting in a loop
-CMD rm /dev/tty && cd /tmp && rm --one-file-system -rf * && exec tini ${BIN}/goweb ${BIN}/maxima-optimised
+CMD cd /tmp && rm --one-file-system -rf * && exec tini ${BIN}/goweb ${BIN}/maxima-optimised
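Review bot: Dropping `rm /dev/tty` from the `CMD` line leaves the device node in place, and the close added in assets/maxima-fork.lisp releases a descriptor without detaching the controlling terminal. If the container is started with a tty allocated, a process that is able to open files could presumably reopen `/dev/tty`; whether the forked maxima process can do so depends on sandboxing that this patch does not show. If it is not already done, calling `setsid()` in the native fork path would remove the controlling terminal outright. At minimum the comment above `CMD` should record where the hardening moved, e.g. `# /dev/tty is closed inside maxima before forking, see assets/maxima-fork.lisp`.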
diff --git a/assets/maxima-fork.lisp b/assets/maxima-fork.lisp
index 2d1b365..a70e320 100644
--- a/assets/maxima-fork.lisp
+++ b/assets/maxima-fork.lisp
@@ -23,6 +23,10 @@
   #+sb-thread (sb-thread::with-system-mutex (sb-thread::*make-thread-lock*)
 		(sb-impl::finalizer-thread-stop))
   (finish-output)
+  ;;; in order to prevent TIOCSTI related shenanigans, close the tty
+  ;;; (the native C function calls closefrom(3) so the tty fd will be closed as well)
+  (close *terminal-io*)
+  (setf *terminal-io* (make-two-way-stream sb-sys:*stdin* sb-sys:*stdout*))
   (let ((tmp-dir (fork-new-process)))
     #+sb-thread (sb-impl::finalizer-thread-start)
     (when (not tmp-dir)
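Review bot: `(close *terminal-io*)` may not release the underlying descriptor on its own, because the standard leaves the constituents of a composite or synonym stream open when only the outer stream is closed. The added comment itself relies on closefrom(3) in a native C function that is not part of this hunk. The comment should name that function and say which step actually closes the fd, for example `;; drop the lisp-side tty stream; the fd itself is closed by closefrom(3) in <native fork function>`. Inside a function body the usual convention is `;;` rather than `;;;`. The enclosing definition starts and ends outside the hunk.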
-- 
GitLab