On Sun, Mar 17, 2013 at 10:23:53PM +0100, Jilles Tjoelker wrote: > Here are some more modifications to allow creating file descriptors with > close-on-exec set. Like in linux/glibc, SOCK_CLOEXEC and SOCK_NONBLOCK > can be OR'ed in socket() and socketpair()'s type parameter, and > MSG_CMSG_CLOEXEC to recvmsg() makes file descriptors (SCM_RIGHTS) > atomically close-on-exec. > > The numerical values for SOCK_CLOEXEC and SOCK_NONBLOCK are as in > NetBSD. MSG_CMSG_CLOEXEC is the first free bit for MSG_*. > > I do not pass the SOCK_* flags to MAC because this may cause incorrect > failures and can be done later via fcntl() anyway. I expect audit to > cope with the new flags. > > For MSG_CMSG_CLOEXEC, I had to change unp_externalize to take a flags > argument.
This looks fine to me. The only note I have, which is not directly related to your patch, is the recvmsg(2) behaviour when the undefined flag is passed. The syscall silently ignores the flags. I think this is quite wrong, and would cause interesting (security) implications if the program using the MSG_CMSG_CLOEXEC is run on older kernel which does not interpret the flag. Might be, we should start returning EINVAL for unknown flag, despite SUSv4 not specifying the condition ?
pgp6vw8MKGyIu.pgp
Description: PGP signature