Re: close-on-exec

Thomas Klausner Thu, 26 Feb 2015 01:34:53 -0800

On Wed, Feb 25, 2015 at 02:27:30PM -0800, Alan Coopersmith wrote:
> Solaris has the ancient support for setting the FD_CLOEXEC flag via
> fcntl() in all versions, and the more recent support for the O_CLOEXEC
> flag to open() in Solaris 11 and later, but does not yet support the
> "e" flag to fopen().  (I've filed an enhancement request to add it to
> our libc in the future, but that doesn't help today.)
> 
> I believe the most portable way to do this is:
> 
> if (!(addfp = fopen (addAuthFile, "w")))
>       goto bad;
> else
>       fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);
> 
> That would be subject to race conditions in multi-threaded processes, as
> described in https://udrepper.livejournal.com/20407.html, so not safe in
> libraries or programs which deliberately start multiple threads, but since
> xsm is not one of those, it should be mostly safe. (Not completely, because
> we can't be sure nothing we called in a library didn't start a thread behind
> the scenes to handle one of our requests, but without an "e" flag everywhere,
> I'm not sure what more we can do.  I have no idea how to write a configure
> check to test for fopen(..., "e") support either.)


Ok, so let's use fcntl for now, new patch attached.
 Thomas

>From e8ea2f72fdb8c6ab38fd8a7b76865695065283cf Mon Sep 17 00:00:00 2001
From: Thomas Klausner <w...@netbsd.org>
Date: Wed, 25 Feb 2015 22:22:50 +0100
Subject: [PATCH:xsm] Close file descriptors on exec.

Signed-off-by: Thomas Klausner <w...@netbsd.org>
---
 auth.c     | 4 ++++
 choose.c   | 2 ++
 lock.c     | 1 +
 remote.c   | 3 ++-
 restart.c  | 1 +
 saveutil.c | 3 +++
 6 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/auth.c b/auth.c
index 5b3bcac..6f355c2 100644
--- a/auth.c
+++ b/auth.c
@@ -156,24 +156,28 @@ SetAuthentication(int count, IceListenObj *listenObjs,
 
     if (!(addfp = fopen (addAuthFile, "w")))
        goto bad;
+    (void)fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);
 
     if ((remAuthFile = unique_filename (path, ".xsm")) == NULL)
        goto bad;
 
     if (!(removefp = fopen (remAuthFile, "w")))
        goto bad;
+    (void)fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
 #else
     if ((addAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
        goto bad;
     
     if (!(addfp = fdopen(fd, "wb"))) 
        goto bad;
+    (void)fcntl(fileno(addfp), F_SETFD, FD_CLOEXEC);
 
     if ((remAuthFile = unique_filename (path, ".xsm", &fd)) == NULL)
        goto bad;
     
     if (!(removefp = fdopen(fd, "wb"))) 
        goto bad;
+    (void)fcntl(fileno(removefp), F_SETFD, FD_CLOEXEC);
 #endif
 
     if ((*authDataEntries = (IceAuthDataEntry *) XtMalloc (
diff --git a/choose.c b/choose.c
index 6459b61..4ec80c3 100644
--- a/choose.c
+++ b/choose.c
@@ -98,6 +98,8 @@ GetSessionNames(int *count_ret, String **short_names_ret,
     if ((dir = opendir (path)) == NULL)
        return 0;
 
+    (void)fcntl(dirfd(dir), F_SETFD, FD_CLOEXEC);
+
     count = 0;
 
     while ((entry = readdir (dir)) != NULL)
diff --git a/lock.c b/lock.c
index 84c0ee3..7fba1d3 100644
--- a/lock.c
+++ b/lock.c
@@ -121,6 +121,7 @@ GetLockId(const char *session_name)
     {
        return (NULL);
     }
+    (void)fcntl(fileno(fp), F_SETFD, FD_CLOEXEC);
 
     buf[0] = '\0';
     fscanf (fp, "%255s\n", buf);
diff --git a/remote.c b/remote.c
index 54d95ac..1fe1b45 100644
--- a/remote.c
+++ b/remote.c
@@ -111,7 +111,8 @@ remote_start(const char *restart_protocol, const char 
*restart_machine,
        default:                /* parent */
 
            close (pipefd[0]);
-           fp = (FILE *) fdopen (pipefd[1], "w");
+           (void)fcntl(pipefd[1], F_SETFD, FD_CLOEXEC);
+           fp = fdopen (pipefd[1], "w");
 
            fprintf (fp, "CONTEXT X\n");
            fprintf (fp, "DIR %s\n", cwd);
diff --git a/restart.c b/restart.c
index 57663a5..6aae637 100644
--- a/restart.c
+++ b/restart.c
@@ -543,6 +543,7 @@ StartDefaultApps (void)
            exit (1);
        }
     }
+    (void)fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
 
     buf = NULL;
     buflen = 0;
diff --git a/saveutil.c b/saveutil.c
index 091763a..f8a7171 100644
--- a/saveutil.c
+++ b/saveutil.c
@@ -72,6 +72,7 @@ ReadSave(const char *session_name, char **sm_id)
        *sm_id = NULL;
        return 0;
     }
+    (void)fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
     if (verbose)
        printf("Reading session save file...\n");
 
@@ -319,6 +320,7 @@ WriteSave(const char *sm_id)
     }
     else
     {
+       (void)fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
        fprintf (f, "%d\n", SAVEFILE_VERSION);
        fprintf (f, "%s\n", sm_id);
 
@@ -431,6 +433,7 @@ DeleteSession(const char *session_name)
     if(!f) {
        return (0);
     }
+    (void)fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
 
     buf = NULL;
     buflen = 0;
-- 
2.3.0

_______________________________________________
xorg-devel@lists.x.org: X.Org development
Archives: http://lists.x.org/archives/xorg-devel
Info: http://lists.x.org/mailman/listinfo/xorg-devel

Re: close-on-exec

Reply via email to