popen bug, extension

Jeff Johnston jjohnstn@redhat.com
Tue Aug 18 16:59:00 GMT 2009

Hi Eric,

Go ahead and commit.  Just fix the typo "wries" in your documentation.

-- Jeff J.

Eric Blake wrote:
> Hash: SHA1
> popen has a bug where it leaks fds to subsequent popen child processes if
> fcntl is not supported, or if the parent explicitly messes with fcntl
> after the fact.  Since it already maintains a list of popen'd fds in the
> parent, we can exploit that list to obey POSIX without using FD_CLOEXEC in
> the first place (and strace testing on recent BSD, Solaris, and glibc
> hints that similar list management is being done in those implementations,
> rather than use of FD_CLOEXEC).
> Meanwhile, the use of FD_CLOEXEC is still nice if you plan on spawning
> non-popen children (and have fcntl support), enough so that glibc supports
> popen(cmd,"re") to create a stream with the cloexec bit already set.
> And documentation is always nice.
> OK to commit?  I have plans for an eventual followup patch to use pipe2 on
> platforms that support that, so that a mode of "re" can atomically set the
> cloexec bit in the parent (it still requires just as many syscalls, since
> the child process then has to undo the cloexec bit on its side of the
> pipe.  But using pipe2 would close a security hole where the parent's fd
> can be leaked in a multi-threaded process if another thread does a
> fork/exec between popen's use of pipe and vfork).  But no point
> writing/testing that patch until pipe2 is more widely supported.
> 2009-08-18  Eric Blake  <ebb9@byu.net>
> 	Improve popen compatibility with glibc.
> 	* libc/posix/popen.c (popen): The 2006-08-22 change to use
> 	FD_CLOEXEC disagrees with other implementations; instead, use
> 	pidlist to work even when fcntl is not available.  Meanwhile,
> 	support the 'e' modifier to set CLOEXEC, as in glibc.  Drop
> 	cygwin-specific code, now that cygwin has its own version.
> 	* libc/posix/Makefile.am (CHEWOUT_FILES): Document popen.
> 	* libc/posix/posix.tex: New file.
> - --
> Don't work too hard, make some time for fun as well!
> Eric Blake             ebb9@byu.net
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> HGgAnj/LMpVRnLBtzrY4KBgWbLr1rYaB
> =v7Og

More information about the Newlib mailing list