lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 31 May 2007 12:17:52 -0700 (PDT)
From:	Davide Libenzi <davidel@...ilserver.org>
To:	Jakub Jelinek <jakub@...hat.com>
cc:	Ulrich Drepper <drepper@...hat.com>,
	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Ingo Molnar <mingo@...e.hu>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH] Introduce O_CLOEXEC (take >2)

On Thu, 31 May 2007, Jakub Jelinek wrote:

> On Thu, May 31, 2007 at 11:46:31AM -0700, Davide Libenzi wrote:
> > On Thu, 31 May 2007, Ulrich Drepper wrote:
> > > Davide Libenzi wrote:
> > > > Isn't this better be a global process flag? Default should be, for legacy
> > > > reasons,
> > > 
> > > No.  Policies are always wrong since it means code that cannot change
> > > the policy (e.g, all runtime libraries) have no access to the
> > > functionality.  I cannot set the policy to default to close-on-exit in
> > > glibc all the while the application assumes this is not the case.
> > 
> > I was talking for a broader usage, not only glibc centric. Most ppl 
> > writing MT+exec apps wants all but (eventually) and handfull of files 
> > leaking across the exec boundary.
> 
> If open (and all other syscalls that create fds) have O_CLOEXEC (and
> something similar for other syscalls), then such a policy can be easily
> implemented on the userland, if desired.

That, unless you change all the syscalls creating files to accept new 
parameters, would require a syscall+fcntl operation. That is not atomic 
(ie, another thread might do exec between the syscall and the fcntl). 
Again, mine was a general comment, not directed into magically fixing 
existing buggy code. What I meant, was that the vast majority of MT+exec 
apps wants all their fds (but an handfull, maybe) to be O_CLOEXEC. So a 
global, non-inheritable, per-process flag seemed the most straightforward 
solution.



- Davide


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ