On 06/16/12 01:29 PM, ольга крыжановская wrote:
> Alan, IMO a F_DUPFD_CLOEXEC would be useful, too.
I don't see a dup note in the current document, so this would take
the form of adding a new entry:

dup, dup2
---------

    int dup(int fildes);
    int dup2(int fildes, int fildes2);

Category
    USE WITH CAUTION

Note
    dup() and dup2() both return file descriptors with the FD_CLOEXEC cleared
    so that they may leak when a program calls exec(). Older code made fcntl()
    calls shortly after these functions returned to set that flag, but in
    multi-threaded code (including programs that only run one thread themselves,
    but may be linked with libraries that run additional threads), that leaves a
    window open for a race with another thread. The F_DUPFD_CLOEXEC &
    F_DUP2FD_CLOEXEC calls to fcntl (available in Solaris 11 and later releases)
    combine the duplication & flag setting into an atomic operation so there is
    no race.

Alternative
    fcntl(fildes, F_DUPFD_CLOEXEC, 0)
    fcntl(fildes, F_DUP2FD_CLOEXEC, fildes2)

--
-Alan Coopersmith- [email protected]
Oracle Solaris Engineering - http://blogs.oracle.com/alanc