Alan, I don't see F_DUPFD_CLOEXEC and F_DUP2FD_CLOEXEC in my Solaris 11. Linux doesn't seem to have F_DUP2FD_CLOEXEC.
Olga On Sun, Jun 17, 2012 at 7:20 PM, Alan Coopersmith <[email protected]> wrote: > On 06/16/12 01:29 PM, ольга крыжановская wrote: >> Alan, IMO a F_DUPFD_CLOEXEC would be useful, too. > > I don't see a dup note in the current document, so this would take > the form of adding a new entry: > > dup, dup2 > --------- > int dup(int fildes); > int dup2(int fildes, int fildes2); > > Category > USE WITH CAUTION > > Note > dup() and dup2() both return file descriptors with the FD_CLOEXEC cleared > so that they may leak when a program calls exec(). Older code made fcntl() > calls shortly after these functions returned to set that flag, but in > multi-threaded code (including programs that only run one thread themselves, > but may be linked with libraries that run additional threads), that leaves a > window open for a race with another thread. The F_DUPFD_CLOEXEC & > F_DUP2FD_CLOEXEC calls to fcntl (available in Solaris 11 and later releases) > combine the duplication & flag setting into an atomic operation so there is > no race. > > Alternative > fcntl(fildes, F_DUPFD_CLOEXEC, 0) > fcntl(fildes, F_DUP2FD_CLOEXEC, fildes2) > > -- > -Alan Coopersmith- [email protected] > Oracle Solaris Engineering - http://blogs.oracle.com/alanc -- , _ _ , { \/`o;====- Olga Kryzhanovska -====;o`\/ } .----'-/`-/ [email protected] \-`\-'----. `'-..-| / http://twitter.com/fleyta \ |-..-'` /\/\ Solaris/BSD//C/C++ programmer /\/\ `--` `--` _______________________________________________ security-discuss mailing list [email protected]
