| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 25 Aug 2009 14:53:54 -0700 (PDT) From: Davide Libenzi <davidel@...ilserver.org> To: Eric Blake <ebb9@....net> cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, bug-coreutils@....org, bug-gnulib@....org, Ulrich Drepper <drepper@...hat.com>, Ingo Molnar <mingo@...e.hu> Subject: Re: [PATCH] open: introduce O_NOSTD On Tue, 25 Aug 2009, Eric Blake wrote: > Another solution is for the application to sanitize all newly-created > fds: GNU coreutils provides a wrapper open_safer, which does nothing > extra in the common case that open() returned 3 or larger, but calls > fcntl(n,F_DUPFD,3)/close(n) before returning if n was less than 3. > However, this leads to triple the syscall cost for every open() call > if the process starts life with a std fd closed; and if O_CLOEXEC is > not used, still leaves a window of time where the fd can be leaked > through another thread's use of fork/exec. I think we can say that the vast majority of the software is not going to notice the proposed open_safer(), performance-wise, since the first three fds are always filled. So IMO the performance impact argument is a weak one. If CLOEXEC semantics are needed in the open operation, F_DUPFD_CLOEXEC can be used to match it. While the patch is simple, IMO this is something that can be easily taken care in glibc layers w/out huge drawbacks. - Davide -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists