According to Florian Weimer on 8/28/2009 6:52 AM:
> * Eric Blake:
>
>> Your version fails to clear the cloexec bit of the final fd if the
>> original caller didn't request O_CLOEXEC.
>
> Okay, but you can fix that in a race-free manner (but I thought
According to Florian Weimer on 8/28/2009 6:52 AM:
>> If the caller requested O_CLOEXEC, then your version takes 3, 5, or
>> 7 syscalls depending on how many std fds were closed, while my
>> version takes 3 syscalls regardless of how many std fds were c
* Eric Blake:
> Your version fails to clear the cloexec bit of the final fd if the
> original caller didn't request O_CLOEXEC.
Okay, but you can fix that in a race-free manner (but I thought that
this was implied by open_safer).
> If the caller requested O_CLOEXEC, then your version takes 3, 5,
According to Florian Weimer on 8/27/2009 8:35 AM:
> * Eric Blake:
>
>> int open_safer (const char *name, int flags, int mode)
>> {
>>   int fd = open (name, flags | O_CLOEXEC, mode);
>>   if (0 <= fd && fd <= 2)
>>     {
>>       int dup = fcntl (fd,
According to Ulrich Drepper on 8/27/2009 8:22 AM:
>> I hope that my example shows why doing it in the kernel is desirable -
>> there is no safe way to keep the pre-O_CLOEXEC efficiency using just the
>> library, but there IS a way to do it with kernel
On Thu, Aug 27, 2009 at 15:55, Davide Libenzi wrote:
> Can't the handling be done on close(), like (modulo some errno save/restore):
No. You can have any file descriptor closed when the process is
started. No close in the process with the special close.
On Thu, 27 Aug 2009, Eric Blake wrote:
> According to Davide Libenzi on 8/25/2009 3:53 PM:
> >> Another solution is for the application to sanitize all newly-created
> >> fds: GNU coreutils provides a wrapper open_safer, which does nothing
> >>
* Eric Blake:
> int open_safer (const char *name, int flags, int mode)
> {
>   int fd = open (name, flags | O_CLOEXEC, mode);
>   if (0 <= fd && fd <= 2)
>     {
>       int dup = fcntl (fd, ((flags & O_CLOEXEC)
>                             ? F_DUPFD_CLOEXEC : F_DUPFD), 3);
>       int saved_errn
On 08/27/2009 06:54 AM, Eric Blake wrote:
I hope that my example shows why doing it in the kernel is desirable -
there is no safe way to keep the pre-O_CLOEXEC efficiency using just the
library, but there IS a way to do it with kernel support:
You're describing a very special case where the per
According to Davide Libenzi on 8/25/2009 3:53 PM:
>> Another solution is for the application to sanitize all newly-created
>> fds: GNU coreutils provides a wrapper open_safer, which does nothing
>> extra in the common case that open() returned 3 or lar
On Tue, 25 Aug 2009, Eric Blake wrote:
> Another solution is for the application to sanitize all newly-created
> fds: GNU coreutils provides a wrapper open_safer, which does nothing
> extra in the common case that open() returned 3 or larger, but calls
> fcntl(n,F_DUPFD,3)/close(n) before returnin
Many applications have subtle bugs if started with one or more of the
STD*_FILENO file descriptors closed; although this is an uncommon
case, it should be considered during security audits. For example, an
attempt to write a message to stderr during 'cp a b >&- 2>&-' in a
naive implementation of '