popen bug, extension
Jeff Johnston
jjohnstn@redhat.com
Tue Aug 18 16:59:00 GMT 2009
Hi Eric,
Go ahead and commit. Just fix the typo "wries" in your documentation.
-- Jeff J.
Eric Blake wrote:
> popen has a bug where it leaks fds to subsequent popen child processes if
> fcntl is not supported, or if the parent explicitly messes with fcntl
> after the fact. Since it already maintains a list of popen'd fds in the
> parent, we can exploit that list to obey POSIX without using FD_CLOEXEC in
> the first place (and strace testing on recent BSD, Solaris, and glibc
> hints that similar list management is being done in those implementations,
> rather than use of FD_CLOEXEC).
>
> Meanwhile, the use of FD_CLOEXEC is still nice if you plan on spawning
> non-popen children (and have fcntl support), enough so that glibc supports
> popen(cmd,"re") to create a stream with the cloexec bit already set.
>
> And documentation is always nice.
>
> OK to commit? I have plans for an eventual followup patch to use pipe2 on
> platforms that support that, so that a mode of "re" can atomically set the
> cloexec bit in the parent (it still requires just as many syscalls, since
> the child process then has to undo the cloexec bit on its side of the
> pipe. But using pipe2 would close a security hole where the parent's fd
> can be leaked in a multi-threaded process if another thread does a
> fork/exec between popen's use of pipe and vfork). But no point
> writing/testing that patch until pipe2 is more widely supported.
>
> 2009-08-18 Eric Blake <ebb9@byu.net>
>
> Improve popen compatibility with glibc.
> * libc/posix/popen.c (popen): The 2006-08-22 change to use
> FD_CLOEXEC disagrees with other implementations; instead, use
> pidlist to work even when fcntl is not available. Meanwhile,
> support the 'e' modifier to set CLOEXEC, as in glibc. Drop
> cygwin-specific code, now that cygwin has its own version.
> * libc/posix/Makefile.am (CHEWOUT_FILES): Document popen.
> * libc/posix/posix.tex: New file.
>
> --
> Don't work too hard, make some time for fun as well!
>
> Eric Blake ebb9@byu.net
>
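The leak described in the quoted message, as an added example that is not part of the original thread and is not newlib's popen.c: a simplified read-only popen that protects earlier streams either with FD_CLOEXEC alone or with a list of live fds closed in the child, then checks what a second child sees after the parent clears the flag. All names are hypothetical; it assumes /bin/sh exists and uses fork rather than vfork.

```c
/* Added example, not newlib's popen.c; all names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

enum strategy { BY_CLOEXEC, BY_LIST };
#define MAX_STREAMS 16
static int live_fds[MAX_STREAMS], n_live;  /* parent ends of open streams */
/* Run cmd under /bin/sh with stdout on a pipe; return the parent's read end. */
static int mini_popen(const char *cmd, enum strategy how)
{
    int p[2];
    if (n_live == MAX_STREAMS || pipe(p) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(p[0]); close(p[1]); return -1; }
    if (pid == 0) {
        close(p[0]);
        if (how == BY_LIST)             /* close every earlier stream's fd */
            for (int i = 0; i < n_live; i++) close(live_fds[i]);
        if (p[1] != STDOUT_FILENO) { dup2(p[1], STDOUT_FILENO); close(p[1]); }
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    close(p[1]);
    if (how == BY_CLOEXEC) fcntl(p[0], F_SETFD, FD_CLOEXEC);
    live_fds[n_live++] = p[0];
    return p[0];
}

/* 1 if a second child still holds the first stream's fd, 0 if not, -1 on error. */
int second_child_sees_first_fd(enum strategy how)
{
    char cmd[64], c = 0;
    int first = mini_popen("exit 0", how);
    if (first < 0) return -1;
    fcntl(first, F_SETFD, 0);           /* parent "messes with fcntl" */
    snprintf(cmd, sizeof cmd, "(: <&%d) 2>/dev/null && echo y || echo n", first);
    int second = mini_popen(cmd, how);  /* child probes the first stream's fd */
    if (second < 0 || read(second, &c, 1) != 1) c = 0;
    close(first); close(second); n_live = 0;
    while (wait(NULL) > 0) { }          /* reap both children */
    return c == 'y' ? 1 : c == 'n' ? 0 : -1;
}

int main(void)
{
    printf("FD_CLOEXEC only: leaked=%d\n", second_child_sees_first_fd(BY_CLOEXEC));
    printf("fd list:         leaked=%d\n", second_child_sees_first_fd(BY_LIST));
}
```

Neither strategy addresses the window between pipe and fork in a multi-threaded parent; that is the case the message says pipe2 would close.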