Coding Guidelines/Safely Executing Other Processes

From wiki.zmanda.com

safe_cd

in common-src/file.c

Change the current working directory to a "safe" location. This is necessary for a variety of reasons:

  • Core files are written to the current working directory, so it must be writable by the current user; otherwise a crash leaves no core file to debug.
  • The current working directory of a process is an open reference to that filesystem, which keeps it busy and makes umount fail. Best practice is for long-lived processes to cd to / or to another well-known location.
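An added example (not Amanda's own safe_cd, whose name and signature are assumed here) of what such a function can check before settling on a directory: that the candidate is a directory we own and can write to, with "/" as the fallback so that the cwd never pins a removable or network filesystem. The demo function and its candidate list are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Hypothetical safe_cd(), not Amanda's: walk a caller-supplied list of
 * candidate directories and chdir() to the first one that is a directory,
 * owned by our effective uid and writable by us (so a core file could be
 * dumped there).  If none qualifies, fall back to "/" so that at least no
 * removable or network filesystem is kept busy by our cwd.
 * Returns the index of the chosen candidate, or -1 if we ended up in "/".
 */
int safe_cd(const char *const *candidates, size_t ncand)
{
    for (size_t i = 0; i < ncand; i++) {
        const char *d = candidates[i];
        struct stat sb;

        if (d == NULL || *d == '\0')
            continue;
        if (stat(d, &sb) != 0 || !S_ISDIR(sb.st_mode))
            continue;
        if (sb.st_uid != geteuid())            /* refuse directories we don't own */
            continue;
        /* AT_EACCESS: test with the effective uid, which is what matters in a
         * setuid program; plain access() would test the real uid instead. */
        if (faccessat(AT_FDCWD, d, W_OK | X_OK, AT_EACCESS) != 0)
            continue;
        if (chdir(d) == 0)
            return (int)i;
    }
    if (chdir("/") != 0)
        perror("safe_cd: chdir(\"/\")");
    return -1;
}

/*
 * Demonstration with a constructed candidate list: two entries that must be
 * rejected (missing path, not a directory) followed by a directory created
 * with mkdtemp().  Returns the index safe_cd() picked (2 on success) after
 * verifying that the cwd really is that directory, or a negative code.
 */
int demo_safe_cd(void)
{
    char tmpl[] = "/tmp/safe_cd_demo.XXXXXX";
    char *mine = mkdtemp(tmpl);
    if (mine == NULL)
        return -2;
    const char *cands[] = { "/nonexistent/amanda/dir", "/etc/passwd", mine };
    int chosen = safe_cd(cands, sizeof cands / sizeof cands[0]);

    /* compare by device/inode rather than by path: /tmp may be a symlink */
    struct stat here, want;
    int ok = stat(".", &here) == 0 && stat(mine, &want) == 0
          && here.st_dev == want.st_dev && here.st_ino == want.st_ino;
    if (chdir("/") != 0)        /* leave the directory so rmdir() can succeed */
        ok = 0;
    rmdir(mine);
    return ok ? chosen : -3;
}
```

The ownership and writability checks are advisory (a directory can change between stat() and chdir()); the point is to avoid parking a process in a directory where a core dump would either fail or land somewhere another user controls.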

safe_env

in common-src/alloc.c

Strip any unknown variables from the environment. This protects the programs Amanda invokes from stray environment variables that might influence their operation: anything not explicitly known to be needed is dropped rather than passed on, so a variable set by a user, a shell, or an attacker (for instance one that changes how the dynamic loader or the shell behaves) never reaches the child.
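An added example of the allow-list approach this describes. It is not Amanda's safe_env (the function name, the allow-list and the fixed PATH are assumptions for illustration): only named variables are copied into a fresh envp for execve(), everything else is dropped, and PATH is pinned rather than inherited. The "dirty" environment in the demo is constructed, not read from the process.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Variables allowed through to child processes (an assumed list, not
 * Amanda's).  PATH is deliberately absent: it is replaced with a fixed
 * value below rather than inherited from whoever started us. */
static const char *const safe_env_allowed[] = {
    "HOME", "TZ", "LANG", "LC_ALL", "TMPDIR", NULL
};
static const char safe_env_path[] = "PATH=/usr/bin:/bin";

static int env_name_allowed(const char *name, size_t len)
{
    for (size_t i = 0; safe_env_allowed[i] != NULL; i++)
        if (strlen(safe_env_allowed[i]) == len
            && memcmp(safe_env_allowed[i], name, len) == 0)
            return 1;
    return 0;
}

void free_env(char **env)
{
    if (env == NULL) return;
    for (size_t i = 0; env[i] != NULL; i++) free(env[i]);
    free(env);
}

/*
 * Hypothetical safe_env(), not Amanda's: from a NULL-terminated environment
 * (for example `environ`) build a freshly allocated, NULL-terminated copy
 * that keeps only allow-listed NAME=value entries, drops everything else
 * (LD_PRELOAD, IFS, malformed entries without '=' or with an empty name)
 * and appends a fixed PATH.  The result is suitable as execve()'s envp.
 */
char **safe_env(char *const *env)
{
    size_t n = 0, k = 0;
    while (env[n] != NULL) n++;
    char **out = calloc(n + 2, sizeof *out);   /* room for PATH + terminator */
    if (out == NULL) return NULL;
    for (size_t i = 0; i < n; i++) {
        const char *eq = strchr(env[i], '=');
        if (eq == NULL || eq == env[i]) continue;          /* malformed entry */
        if (!env_name_allowed(env[i], (size_t)(eq - env[i]))) continue;
        if ((out[k++] = strdup(env[i])) == NULL) { free_env(out); return NULL; }
    }
    if ((out[k++] = strdup(safe_env_path)) == NULL) { free_env(out); return NULL; }
    out[k] = NULL;
    return out;
}

/* Look up NAME in a NULL-terminated envp; returns its value or NULL. */
const char *env_get(char *const *env, const char *name)
{
    size_t len = strlen(name);
    for (size_t i = 0; env[i] != NULL; i++)
        if (strncmp(env[i], name, len) == 0 && env[i][len] == '=')
            return env[i] + len + 1;
    return NULL;
}

/*
 * Demonstration on a constructed environment.  Returns the number of entries
 * in the sanitised copy (3: HOME, TZ and the fixed PATH) once the hostile and
 * malformed entries are confirmed gone, or -1 otherwise.
 */
int demo_safe_env(void)
{
    char *const dirty[] = {
        "HOME=/var/lib/amanda", "LD_PRELOAD=/tmp/evil.so", "IFS= ",
        "PATH=/tmp/attacker:/usr/bin", "TZ=UTC", "BOGUS", "=empty", NULL
    };
    char **clean = safe_env(dirty);
    if (clean == NULL) return -1;
    int count = 0;
    while (clean[count] != NULL) count++;
    int ok = env_get(clean, "HOME") != NULL
          && env_get(clean, "TZ") != NULL
          && env_get(clean, "LD_PRELOAD") == NULL
          && env_get(clean, "IFS") == NULL
          && strcmp(env_get(clean, "PATH"), "/usr/bin:/bin") == 0;
    free_env(clean);
    return ok ? count : -1;
}
```

Build the sanitised envp in the parent before fork() and hand it to execve(); the child must not call malloc-based routines like this one.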

safe_fd

in common-src/file.c

This function closes all descriptors except stdin, stdout, and stderr, and makes sure those three are open (if one of them were closed, the first file the new program opened would silently land on that descriptor and become its stdin, stdout or stderr). Use this function when spawning a new process to ensure it isn't exec'd with any stray descriptors open, which would leak the parent's files, sockets and pipes into an unrelated program.
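An added example of such a sweep, written for this page rather than taken from Amanda's file.c (the function name matches the page, the implementation is assumed): attach /dev/null to any closed standard descriptor, then close everything from 3 upwards using only async-signal-safe calls so it can run in the child between fork() and exec(). The demo deliberately leaks a pipe and confirms the sweep removed it.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * Hypothetical safe_fd(), not Amanda's.  First make sure 0, 1 and 2 are
 * open: if one is closed, the next open() in the new program would silently
 * become its stdin, stdout or stderr, so attach /dev/null instead.  Then
 * close every descriptor >= 3.  Meant for the child between fork() and
 * exec(): only async-signal-safe calls, no allocation, no locks.
 * Returns the number of descriptors closed, or -1 if /dev/null is unusable.
 */
int safe_fd(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF) {
            /* 0..fd-1 are open by now, so open() hands back exactly fd */
            int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
            if (nfd != fd) {
                if (nfd >= 0) close(nfd);
                return -1;
            }
        }
    }
    long maxfd = sysconf(_SC_OPEN_MAX);
    if (maxfd < 0 || maxfd > (1L << 20))
        maxfd = 1L << 20;      /* unknown or absurd limit: sweep a sane range */
    int closed = 0;
    for (long fd = 3; fd < maxfd; fd++)
        if (close((int)fd) == 0)
            closed++;
    return closed;
}

/*
 * Demonstration: deliberately leak a pipe, run safe_fd(), then confirm the
 * pipe ends are gone while 0, 1 and 2 survive.  Returns 1 on success.
 */
int demo_safe_fd(void)
{
    int p[2];
    if (pipe(p) != 0)
        return 0;
    int closed = safe_fd();
    int pipe_gone = fcntl(p[0], F_GETFD) == -1 && errno == EBADF
                 && fcntl(p[1], F_GETFD) == -1 && errno == EBADF;
    int std_open = fcntl(0, F_GETFD) != -1 && fcntl(1, F_GETFD) != -1
                && fcntl(2, F_GETFD) != -1;
    return closed >= 2 && pipe_gone && std_open;
}
```

The brute-force loop is the portable choice: enumerating /proc/self/fd needs opendir(), which allocates and is not safe in the forked child, and Linux's close_range() is not available everywhere. Never call a sweep like this in a threaded parent; other threads' descriptors would vanish under them.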

WARNING: fork and threads

fork() interacts badly with threads (see pthread_atfork): only the calling thread exists in the child, so any lock another thread held at the moment of fork() stays locked there forever. When forking a new process, the child's execution between fork() and exec*() must therefore be kept to the absolute minimum, essentially async-signal-safe calls only. In particular, do not call debug functions (g_debug, g_error, or error), allocate memory, or do anything else that may try to acquire a lock.
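An added example of a fork/exec path that respects this rule; it is not Amanda's code and the function name run_child is assumed. Everything that allocates or logs happens in the parent, the child runs only async-signal-safe calls, and an exec failure is reported back through a CLOEXEC pipe instead of through a logging call. The argv and envp in the demo are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Hypothetical run_child(), not Amanda's: fork() and execve() argv[0] with
 * the given argv/envp, after chdir(cwd) in the child when cwd is non-NULL.
 * Everything that allocates, logs or may take a lock (building argv and
 * envp, creating the error pipe) happens in the parent.  Between fork()
 * and execve() the child uses only async-signal-safe calls: close(),
 * sigprocmask(), chdir(), execve(), write() and _exit().
 * If exec fails the child writes errno into a CLOEXEC pipe, so the parent
 * can distinguish "could not start" from "started and exited non-zero".
 * Returns the child's exit status (0..255), or -1 with errno set to the
 * exec error (or to the local failure).
 */
int run_child(char *const argv[], char *const envp[], const char *cwd)
{
    int errpipe[2];
    if (pipe(errpipe) != 0)
        return -1;
    /* CLOEXEC: a successful exec closes the write end and the parent sees EOF */
    fcntl(errpipe[1], F_SETFD, FD_CLOEXEC);

    /* Block all signals across fork() so no handler of the parent runs in
     * the child's narrow window (use pthread_sigmask() in a threaded program). */
    sigset_t all, saved;
    sigfillset(&all);
    sigprocmask(SIG_BLOCK, &all, &saved);

    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        close(errpipe[0]); close(errpipe[1]);
        sigprocmask(SIG_SETMASK, &saved, NULL);
        errno = e;
        return -1;
    }

    if (pid == 0) {
        /* CHILD: no malloc, no stdio, no g_debug/g_error/error, no locks. */
        close(errpipe[0]);
        sigprocmask(SIG_SETMASK, &saved, NULL);
        /* a safe_fd()-style sweep of stray descriptors belongs here; it must
         * leave errpipe[1] alone so the failure report below still works */
        if (cwd == NULL || chdir(cwd) == 0)
            execve(argv[0], argv, envp);
        /* only reached when chdir() or execve() failed */
        int e = errno;
        if (write(errpipe[1], &e, sizeof e) < 0)
            _exit(126);            /* could not even report the error */
        _exit(127);                /* _exit(), not exit(): no atexit/stdio flush */
    }

    /* PARENT */
    sigprocmask(SIG_SETMASK, &saved, NULL);
    close(errpipe[1]);
    int child_errno = 0;
    ssize_t n;
    do {
        n = read(errpipe[0], &child_errno, sizeof child_errno);
    } while (n < 0 && errno == EINTR);
    close(errpipe[0]);

    int status;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;
    if (n == (ssize_t)sizeof child_errno) {   /* child reported a failure */
        errno = child_errno;
        return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/*
 * Demonstration with constructed argv/envp: first a shell that exits with a
 * known code, then a program that does not exist, which must come back as
 * -1/ENOENT through the error pipe.  Returns 1 if both behave as expected.
 */
int demo_run_child(void)
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    char *const argv_ok[] = { "/bin/sh", "-c", "exit 7", NULL };
    if (run_child(argv_ok, envp, "/") != 7)
        return 0;
    char *const argv_bad[] = { "/nonexistent/amanda-helper", NULL };
    errno = 0;
    int rc = run_child(argv_bad, envp, "/");
    return rc == -1 && errno == ENOENT;
}
```

The pattern to take away: anything the child needs (argv, envp, descriptors to dup2 into place) is prepared before fork(), the child's code path is short enough to audit call by call, and the only "logging" it does is a single write() of an integer that the parent turns into a proper error message after waitpid().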