+/*
+ * safe_fork - Create a child process. The child closes all the
+ * file descriptors that we don't want to leak to a script.
+ * The parent waits for the child to do this before returning.
+ */
+pid_t
+safe_fork()
+{
+ pid_t pid;
+ int pipefd[2];
+ char buf[1];
+
+ if (pipe(pipefd) == -1)
+ pipefd[0] = pipefd[1] = -1;
+ pid = fork();
+ if (pid < 0)
+ return -1;
+ if (pid > 0) {
+ close(pipefd[1]);
+ /* this read() blocks until the close(pipefd[1]) below */
+ while (read(pipefd[0], buf, 1) < 0)
+ if (errno != EINTR)
+ break;
+ close(pipefd[0]);
+ return pid;
+ }
+ sys_close();
+#ifdef USE_TDB
+ tdb_close(pppdb);
+#endif
+ notify(fork_notifier, 0);
+ close(pipefd[0]);
+ /* this close unblocks the read() call above in the parent */
+ close(pipefd[1]);
+ return 0;
+}
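Review bot: The `if (pid < 0) return -1;` path leaves both pipe descriptors open in the parent, so each failed fork() leaks two fds, and descriptors left open in the parent are the kind of thing this function is meant to keep away from scripts. Close them before returning, e.g. `if (pid < 0) { close(pipefd[0]); close(pipefd[1]); return -1; }`, saving and restoring errno around the closes if callers report it. The `pipe()` fallback also deserves a comment such as `/* no pipe: parent will not wait for the child to close its fds */`, because with both ends set to -1 the parent's read() fails at once with a non-EINTR error and the loop breaks. In that case the parent returns without the synchronisation the header comment promises.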