
Re: [nmh-workers] closefds() _before_ fork?

2019-04-23 10:46:40
I agree with the general principle that if we open it, we track it, and
then close it so it doesn't reach the child, typically with O_CLOEXEC or
FD_CLOEXEC.  ...

to that end, i propose that we treat any open descriptor N>2 at the time 
of an exec() to be a bug, which is to be fixed by setting O_CLOEXEC at 
time of creation.

+1.

There are a few sneaky spots where we have to be careful; sometimes a
file is opened and then expected to be used as stdin for a child process;
there is also the unusual case of the -idanno flag, and it wouldn't surprise
me if there was another use of a file descriptor passed down to a child
process that I didn't know about.

I realize that dup2() clears the FD_CLOEXEC flag on the new file
descriptor so the "normal" case of an opened file being dup2() down to 0
would work correctly, but the wrinkle is that it does NOT if the old and
new file descriptors are the same.  That is admittedly unlikely, but it
could happen in a few cases so I'd like to be as robust as possible.

It seems like the right way forward, given that nowadays there are a lot
of spots where we could fork another process off, is that every descriptor
we open should have FD_CLOEXEC set (I added that to the networking code).
Considering we haven't done that in the past for a lot of cases it doesn't
seem like there's a lot of urgency, but we'll file this under "ongoing
cleanup".

--Ken

-- 
nmh-workers
https://lists.nongnu.org/mailman/listinfo/nmh-workers
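
The dup2() wrinkle described in the message above, as an added example that is not part of the original post and is not nmh code: a descriptor marked close-on-exec stays that way when dup2() is asked to copy it onto itself, so a helper has to clear FD_CLOEXEC by hand in that case. The names install_fd() and cloexec_after() are hypothetical, and /dev/null stands in for whatever file the child is meant to read.

```c
/* Added example, not nmh code; install_fd()/cloexec_after() are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if exec() would close fd, 0 if the child would inherit it, -1 on error. */
static int is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Make `target` refer to the file open on `fd` and survive exec(). */
static int install_fd(int fd, int target)
{
    if (fd == target) {
        /* dup2(fd, fd) does nothing, so FD_CLOEXEC must be cleared by hand. */
        int flags = fcntl(fd, F_GETFD);
        return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags & ~FD_CLOEXEC);
    }
    if (dup2(fd, target) == -1)     /* the duplicate starts with FD_CLOEXEC clear */
        return -1;
    return close(fd);
}

/* Open a close-on-exec fd, install it on a target (same != 0: target == fd), report the flag. */
static int cloexec_after(int same, int use_helper)
{
    int fd = open("/dev/null", O_RDONLY);   /* constructed stand-in input file */
    if (fd == -1 || fcntl(fd, F_SETFD, FD_CLOEXEC) == -1)
        return -1;
    int target = same ? fd : dup(fd);       /* dup() only to find a free number */
    if (target == -1)
        return -1;
    if (!same)
        close(target);
    int rc = use_helper ? install_fd(fd, target) : dup2(fd, target);
    int result = rc == -1 ? -1 : is_cloexec(target);
    close(target);
    if (!same && !use_helper)
        close(fd);                          /* install_fd() already closed fd */
    return result;
}

int main(void)
{
    printf("dup2 distinct=%d, dup2 same=%d, install_fd same=%d\n",
           cloexec_after(0, 0), cloexec_after(1, 0), cloexec_after(1, 1));
    return 0;
}
```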
