According to Florian Weimer on 8/28/2009 6:52 AM:
> * Eric Blake:
>
>> Your version fails to clear the cloexec bit of the final fd if the
>> original caller didn't request O_CLOEXEC.
>
> Okay, but you can fix that in a race-free manner (but I thought that
> this was implied by open_safer).

The current semantics of gnulib's open_safer is that the result is
guaranteed to be 3 or larger. It would require an audit of all gnulib
clients of the open_safer method to see whether it also makes sense to
change the semantics of open_safer to also guarantee that fds start life
with the cloexec bit set. But maybe that is a change worth making in
gnulib, with applications intending to give an fd to a child process being
required to explicitly clear the cloexec bit.

>> Also, your suggestion has a definite race in that you are calling
>> open() multiple times rather than cloning an existing fd after the
>> first open(), such that another process could alter which file is
>> visited between your first and last open().
>
> Sure, but this is an unobservable difference.

It is absolutely observable - if the user passed O_CREAT|O_EXCL as part of
their flags, then the second open() will inappropriately fail.

-- 
Don't work too hard, make some time for fun as well!

Eric Blake             e...@byu.net
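
The approach discussed in this message, as an added example that is not part of the original e-mail and is not gnulib's open_safer code: open the file once, clone a low fd with fcntl() rather than calling open() again, and clear close-on-exec only on the final fd. The name `open_once_safer` and the sample path are hypothetical, and the code assumes a POSIX.1-2008 system that provides O_CLOEXEC and F_DUPFD_CLOEXEC.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not gnulib's open_safer): open PATH exactly once,
   return an fd >= 3, and leave FD_CLOEXEC set only if the caller asked. */
int open_once_safer(const char *path, int flags, mode_t mode)
{
    /* Open with O_CLOEXEC so no intermediate fd can leak into a child
       that another thread creates with fork+exec in the meantime. */
    int fd = open(path, flags | O_CLOEXEC, mode);
    if (fd < 0)
        return -1;
    if (fd <= STDERR_FILENO) {
        /* Clone the existing fd instead of calling open() again: the same
           file stays open and O_CREAT|O_EXCL is evaluated only once. */
        int high = fcntl(fd, F_DUPFD_CLOEXEC, STDERR_FILENO + 1);
        int saved = errno;
        close(fd);
        errno = saved;
        if (high < 0)
            return -1;
        fd = high;
    }
    /* Clear close-on-exec last, and only on the fd that is returned. */
    if (!(flags & O_CLOEXEC) && fcntl(fd, F_SETFD, 0) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/open_once_XXXXXX";   /* constructed sample path */
    int tmp = mkstemp(path);
    if (tmp < 0) return 1;
    close(tmp);
    unlink(path);                            /* keep only the unique name */
    close(STDIN_FILENO);                     /* force open() to return fd 0 */
    int fd = open_once_safer(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    printf("fd=%d cloexec=%d\n", fd, fcntl(fd, F_GETFD) & FD_CLOEXEC);
    unlink(path);
    return fd >= 3 ? 0 : 1;
}
```

Between the open() and the final F_SETFD, every fd involved carries FD_CLOEXEC, so a concurrent fork+exec cannot inherit it; the window only opens once the caller's requested state is applied to the returned fd.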