| commit | 5270936ced7738caef7b7302e4b02466f8e913bc | |
| author | Matthew Dillon <dillon@apollo.backplane.com> | |
| Wed, 27 Jul 2016 18:13:44 +0000 (27 11:13 -0700) | ||
| committer | Matthew Dillon <dillon@apollo.backplane.com> | |
| Wed, 27 Jul 2016 18:13:44 +0000 (27 11:13 -0700) | ||
| tree | 6927152d29ba2e039f76faa89cbeffdf3b84175d | treesnapshot (tar.gz zip) |
| parent | b4758707dd5c7257ed376de88139920e95589c78 | commitdiff |
libc - Fix numerous fork/exec*() leaks, also add mkostemp() and mkostemps().
* Use O_CLOEXEC in many places to prevent temporary descriptors from leaking
into fork/exec'd code (e.g. in multi-threaded situations).
* Note that the popen code will close any other popen()'d descriptors in
the child process that it forks just prior to exec. However, there was
a descriptor leak where another thread issuing popen() at the same time
could leak the descriptors into their exec.
Use O_CLOEXEC to close this hole.
* popen() now accepts the 'e' flag (i.e. "re") to retain O_CLOEXEC in the
returned descriptor. Normal "r" (etc) will clear O_CLOEXEC in the returned
descriptor.
Note that normal "r" modes are still fine for most use cases since popen
properly closes other popen()d descriptors in the fork(). BUT!! If the
threaded program calls exec*() in other ways, such descriptors may
unintentionally be passed onto sub-processes. So consider using "re".
* Add mkostemp() and mkostemps() to allow O_CLOEXEC to be passed in,
closing a thread race that would otherwise leak the temporary descriptor
into other fork/exec()s.
Taken-from: Mostly taken from FreeBSD
* Use O_CLOEXEC in many places to prevent temporary descriptors from leaking
into fork/exec'd code (e.g. in multi-threaded situations).
* Note that the popen code will close any other popen()'d descriptors in
the child process that it forks just prior to exec. However, there was
a descriptor leak where another thread issuing popen() at the same time
could leak the descriptors into their exec.
Use O_CLOEXEC to close this hole.
* popen() now accepts the 'e' flag (i.e. "re") to retain O_CLOEXEC in the
returned descriptor. Normal "r" (etc) will clear O_CLOEXEC in the returned
descriptor.
Note that normal "r" modes are still fine for most use cases since popen
properly closes other popen()d descriptors in the fork(). BUT!! If the
threaded program calls exec*() in other ways, such descriptors may
unintentionally be passed onto sub-processes. So consider using "re".
* Add mkostemp() and mkostemps() to allow O_CLOEXEC to be passed in,
closing a thread race that would otherwise leak the temporary descriptor
into other fork/exec()s.
Taken-from: Mostly taken from FreeBSD
20 files changed: