popen bug, extension
Tue Aug 18 16:59:00 GMT 2009
Go ahead and commit. Just fix the typo "wries" in your documentation.
-- Jeff J.
Eric Blake wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> popen has a bug where it leaks fds to subsequent popen child processes if
> fcntl is not supported, or if the parent explicitly messes with fcntl
> after the fact. Since it already maintains a list of popen'd fds in the
> parent, we can exploit that list to obey POSIX without using FD_CLOEXEC in
> the first place (and strace testing on recent BSD, Solaris, and glibc
> hints that similar list management is being done in those implementations,
> rather than use of FD_CLOEXEC).
> Meanwhile, the use of FD_CLOEXEC is still nice if you plan on spawning
> non-popen children (and have fcntl support), enough so that glibc supports
> popen(cmd,"re") to create a stream with the cloexec bit already set.
> And documentation is always nice.
> OK to commit? I have plans for an eventual followup patch to use pipe2 on
> platforms that support that, so that a mode of "re" can atomically set the
> cloexec bit in the parent (it still requires just as many syscalls, since
> the child process then has to undo the cloexec bit on its side of the
> pipe. But using pipe2 would close a security hole where the parent's fd
> can be leaked in a multi-threaded process if another thread does a
> fork/exec between popen's use of pipe and vfork). But no point
> writing/testing that patch until pipe2 is more widely supported.
> 2009-08-18 Eric Blake <email@example.com>
> Improve popen compatibility with glibc.
> * libc/posix/popen.c (popen): The 2006-08-22 change to use
> FD_CLOEXEC disagrees with other implementations; instead, use
> pidlist to work even when fcntl is not available. Meanwhile,
> support the 'e' modifier to set CLOEXEC, as in glibc. Drop
> cygwin-specific code, now that cygwin has its own version.
> * libc/posix/Makefile.am (CHEWOUT_FILES): Document popen.
> * libc/posix/posix.tex: New file.
> - --
> Don't work too hard, make some time for fun as well!
> Eric Blake firstname.lastname@example.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (Cygwin)
> Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> -----END PGP SIGNATURE-----
More information about the Newlib