On Wed, 4 Aug 2021 12:22:24 GMT, Thomas Stuefe <stu...@openjdk.org> wrote:
> We should not leak the handle to the jimage file (lib/modules) to childs.
>
> JDK-8194734 did solve this for windows. We should use FD_CLOEXEC on Posix as
> well.
>
> Note that this only poses a problem when a child process is spawned off not
> via `Runtime.exec` but via another route since the spawnhelper closes all
> file descriptors.
>
> ---
> test:
>
> manually verified that lib/modules now has the FD_CLOEXEC flag set.
src/java.base/unix/native/libjimage/osSupport_unix.cpp line 41:
> 39: */
> 40: jint osSupport::openReadOnly(const char *path) {
> 41: return ::open(path, O_CLOEXEC);
This is okay but I think it would be useful to know why this one place needs
O_CLOEXEC and not others.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4991
