Donn Cave wrote:
On Oct 16, 2007, at 9:52 PM, Brandon S. Allbery KF8NH wrote:


On Oct 17, 2007, at 0:39 , Donn Cave wrote:
...
As for closing file descriptors explicitly - if I remember right what I've seen
in the NetBSD source, the UNIX popen() implementation may years ago
have closed all file descriptors, but now it keeps track of the ones it created,
and only closes them.  I think that's the way to go, if closing fds.

Either implementation causes problems; security folks tend to prefer that all file descriptors other than 0-2 (0-4 on Windows?) be closed, and 0-2(4) be forced open (on /dev/null if they're not already open). But in this case, the idea is to set FD_CLOEXEC on (and only on) file descriptors opened by the Haskell runtime, so you would get the same effect as tracking file descriptors manually.

I can't speak for security folks, but for me, the way you put it goes way too far.
The file descriptors at issue were opened by runInteractiveProcess, and
FD_CLOEXEC on them would solve the whole problem (I think.)  Is that
what you mean? To set this flag routinely on all file descriptors opened in
any way would require a different justification, and it would have to be a
pretty good one!

Setting FD_CLOEXEC on just the pipes created by runInteractiveProcess sounds right to me.

Certainly we don't want to set the flag on *all* FDs created in Haskell, in particular users of System.Posix.openFd probably want to choose whether they set FD_CLOEXEC or not.

Would someone like to create a bug report?

Cheers,
        Simon
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
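
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the Haskell runtime's code: a C program that creates a pipe, optionally sets FD_CLOEXEC on both ends, and then execs an unrelated child to see whether the descriptor leaked into it. The function names are hypothetical, and the probe assumes a POSIX `/bin/sh`.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd, keeping any other descriptor flags. 0 on success. */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Fork and exec /bin/sh, which tries to dup `fd` onto its stdin.
 * Returns 1 if fd is still open after exec, 0 if it was closed, -1 on error.
 * Only single-digit fds are probed: that is all portable sh syntax covers. */
int fd_survives_exec(int fd) {
    char cmd[64];
    if (fd < 0 || fd > 9) return -1;
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; : <&%d", fd);
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                       /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) == -1) return -1;
    if (!WIFEXITED(status) || WEXITSTATUS(status) == 127) return -1;
    return WEXITSTATUS(status) == 0;
}

/* Create a pipe as a process library would for a child's stdio (assumed
 * setup), optionally flag both ends, then spawn an unrelated child and
 * report whether the parent's pipe end leaked into it. */
int pipe_leaks_into_child(int use_cloexec) {
    int p[2], leaked;
    if (pipe(p) == -1) return -1;
    if (use_cloexec && (set_cloexec(p[0]) == -1 || set_cloexec(p[1]) == -1))
        leaked = -1;
    else
        leaked = fd_survives_exec(p[0]);
    close(p[0]);
    close(p[1]);
    return leaked;
}

int main(void) {
    printf("plain pipe leaks:      %d\n", pipe_leaks_into_child(0));
    printf("FD_CLOEXEC pipe leaks: %d\n", pipe_leaks_into_child(1));
    return 0;
}
```

A child that is meant to use one of the pipe ends still receives it when the end is copied onto 0-2 with `dup2()` before exec, because `dup2()` does not copy FD_CLOEXEC to the new descriptor.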
