| commit | a21e890f82258c17ee47895fa28bb62937eb1af9 | |
| author | Lubomir Rintel <lkundrak@v3.sk> | |
| Mon, 4 Oct 2021 13:40:29 +0000 (4 15:40 +0200) | ||
| committer | Mark Wielaard <mark@klomp.org> | |
| Tue, 12 Oct 2021 20:58:45 +0000 (12 22:58 +0200) | ||
| tree | ac232d7e22569dd62fead2a7eaeede0dcc37c614 | treesnapshot (tar.gz zip) |
| parent | cf9ebf8313952caed53394498fe849251f477c97 | commitdiff |
Add close_range(2) support
This is a system call introduced in Linux 5.9.
It's typically used to bulk-close file descriptors that a process inherited
without having desired so and doesn't want to pass them to its offspring
for security reasons. For this reason the sensible upper limit value tends
to be unknown and the users prefer to stay on the safe side by setting it
high.
This is a bit peculiar because, if unfiltered, the syscall could end up
closing descriptors Valgrind uses for its purposes, ending in no end of
mayhem and suffering.
This patch adjusts the upper bounds to a safe value and then skips over
the descriptor Valgrind uses by potentially calling the real system call
with sub-ranges that are safe to close.
The call can fail on negative ranges and bad flags -- we're dealing with
the first condition ourselves while letting the real call fail on bad
flags.
https://bugs.kde.org/show_bug.cgi?id=439090
This is a system call introduced in Linux 5.9.
It's typically used to bulk-close file descriptors that a process inherited
without having desired so and doesn't want to pass them to its offspring
for security reasons. For this reason the sensible upper limit value tends
to be unknown and the users prefer to stay on the safe side by setting it
high.
This is a bit peculiar because, if unfiltered, the syscall could end up
closing descriptors Valgrind uses for its purposes, ending in no end of
mayhem and suffering.
This patch adjusts the upper bounds to a safe value and then skips over
the descriptor Valgrind uses by potentially calling the real system call
with sub-ranges that are safe to close.
The call can fail on negative ranges and bad flags -- we're dealing with
the first condition ourselves while letting the real call fail on bad
flags.
https://bugs.kde.org/show_bug.cgi?id=439090
15 files changed: