[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.

To: libevent-users@xxxxxxxxxxxxx
Subject: Re: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
From: Nick Mathewson <nickm@xxxxxxxxxxxxx>
Date: Sat, 11 Feb 2012 11:48:40 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: libevent-users-outgoing@xxxxxxxx
Delivered-to: libevent-users@xxxxxxxx
Delivery-date: Sat, 11 Feb 2012 11:48:49 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=+VXAahf19L6FlrWUQZ9ewipb6PSyjV3+45+M4uw3dVE=; b=jvTxNsqQdn0mIGfTpW9/7OGL5jJ79/gZHOKNVHnJIwa6dWbtvgZM6tIS4UQIxhcIzm JyjYJPYns+LBTvtK2AfVwPa5XH6Ib2bH00L3rzTGSSGCPlkmH2DW5PQ4Z4CHdHVC+yRc 7SvRUy7iu//Dr7o4r/uNDWF8SL2wHaOnSDBIw=
In-reply-to: <1328974460-13955-1-git-send-email-rosslagerwall@xxxxxxxxx>
References: <1328974460-13955-1-git-send-email-rosslagerwall@xxxxxxxxx>
Reply-to: libevent-users@xxxxxxxxxxxxx
Sender: owner-libevent-users@xxxxxxxxxxxxx

On Sat, Feb 11, 2012 at 10:34 AM, Ross Lagerwall
<rosslagerwall@xxxxxxxxx> wrote:
> In a multi-process/threaded environment, ev_util_read_file()
> could leak fds to child processes when not using O_CLOEXEC/FD_CLOEXEC.

Hm.  I'm not sure I trust "#ifdef O_CLOEXEC" as a test for whether
open() supports O_CLOEXEC.  Generally, I'd prefer a solution that
falls back gracefully if Libevent is built with headers from a newer
libc/kernel and then run on an older kernel.  (This is a real concern:
it seems to happen to RHEL/Centos users pretty often.)

Unfortunately, it seems we can't just do a pattern of
   if ((fd = open(path, flags|O_CLOEXEC)) == -1) {
      fd = open(path, flags);
      if (fd == -1) return -1;
      fcntl(fd,...)
  }
because (if my tests are right) at least some implementations of
open() ignore unrecognized flags.

So given that, maybe the solution you suggest is the best we can do?

Additionally, I see 3 other open()s: two in arc4random.c and one in
devpoll.c.  Maybe this means we want an evutil_* wrapper function to
set CLOEXEC on fds.

thoughts?
-- 
Nick
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxx with
unsubscribe libevent-users    in the body.

Follow-Ups:
- Re: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
  - From: Ross Lagerwall

References:
- [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
  - From: Ross Lagerwall

Prev by Author: Re: [Libevent-users] Pull request
Next by Author: Re: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
Previous by thread: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
Next by thread: Re: [Libevent-users] [PATCH] Make evutil_read_file() close-on-exec safe.
Index(es):
- Author
- Thread