New submission from Alexey Izbyshev <izbys...@ispras.ru>:
After #40422 _Py_closerange() assumes that close_range() closes all file descriptors even if it returns an error (other than ENOSYS): if (close_range(first, last, 0) == 0 || errno != ENOSYS) { /* Any errors encountered while closing file descriptors are ignored; * ENOSYS means no kernel support, though, * so we'll fallback to the other methods. */ } else /* fallbacks */ This assumption can be wrong on Linux if a seccomp sandbox denies the underlying syscall, pretending that it returns EPERM or EACCES. In this case _Py_closerange() won't close any descriptors at all, which in the worst case can be a security issue. I propose to fix this by falling back to other methods in case of *any* close_range() error. Note that fallbacks will not be triggered on any problems with closing individual file descriptors because close_range() is documented to ignore such errors on both Linux[1] and FreeBSD[2]. [1] https://man7.org/linux/man-pages/man2/close_range.2.html [2] https://www.freebsd.org/cgi/man.cgi?query=close_range&sektion=2 ---------- assignee: izbyshev components: Library (Lib) keywords: 3.10regression messages: 416986 nosy: gregory.p.smith, izbyshev, kevans, kevans91 priority: normal severity: normal status: open title: os.closerange() can be no-op in a seccomp sandbox type: behavior versions: Python 3.10, Python 3.11 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue47260> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com