From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=DKIM_ADSP_CUSTOM_MED, DKIM_INVALID,DKIM_SIGNED,FREEMAIL_FROM,MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 24244 invoked from network); 19 Dec 2021 14:54:57 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 19 Dec 2021 14:54:57 -0000 Received: (qmail 32724 invoked by uid 550); 19 Dec 2021 14:54:54 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 32689 invoked from network); 19 Dec 2021 14:54:53 -0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.ca; s=s2048; t=1639925680; bh=1JChxkP3A1aDg5Z9ZrTq3gZ6wvuj9aOPGM1BSb5/MfU=; h=Date:From:Subject:To:References:In-Reply-To:From:Subject:Reply-To; b=S0rwLImQwCVDGd9u19jZL214ZqKhnENxVRYEks5OOH1RJ622Uw4/qTnPjynH0InsPYw9M0TYSuD+ejJVtrgRb3hlI3jodXJEvJVVCV2tpFCkuJGN9xSJb/F3begWzx373NI6CcQGqMcWdZEZcoIw67of0JuW2YngvJe5hwQQ6rU25U209d9K9wjduSgN9L/rzcj48Vdt3Jbht5hKqN1dPz+SxCmkmhamQVv7fjFGHtf3Gbubbr7jJMGNfcKkRWeg/jsWaHd6UrUw3w7P37RcW5S46u6R3ge4JwdRHV85Ujv5bsy3kIxgqi3E9ts/Z/YhbIA5wLMXhQ/s0YUt2xi/uw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1639925680; bh=xHq7hrDzTRisdLRWAxW7jwANssP52MPKI7ak1rOwMD5=; h=X-Sonic-MF:Date:From:Subject:To:From:Subject; b=AaTW3J9h40q2Cu8DBu/j+42sgwZ6tS+FTlWqgW6J4zJmdH3SCXnwRY6rH+9H4OkvEH6Evt5HKDoaBkSsrDmxryAJjHUdHDArMMXOYvL0Z1rjiv//0Gxro5juR6WVlzw3SvyFqH/bhtN57YMKC2Az5KAiDd/SFJ3DnFLHt9g3BkCkOpGvbhhEqcHZgdQzTmlP+l9dKy5f00MgLctiNQEwSVkSSWViPjAGMr81PywB8EvnA7xdB4YviFs8ImRFaj+ddZCFjWgW40rbVmQTNDRIF6To/drZBeEu2k2Z2hAPpCH5Medy2TbeIn75stJa4TURFbjYL2CbaeW97vwoKK/s2A== X-YMail-OSG: i8extLEVM1mj4caAr0e.MVGKn4Wb9Pe8YAYa9udW7epl8iJ4DCbk9wcLUzqY4EL mP4aBgnBhe8KHg3aC8K5lumiPR5I8vTE.Ijj2pts.ePe129nrkfkC0VDdJQg5X3fRjrlUwidPC42 n.a.gMWGMVp_lz.lhrPuzlYo6aXjfOP1qflMlsDi20fQ_qtTFCTfeHk0kQXALeLwQv5WE_vB8Rdq qGQN8IutF0.9lTCsAjuPVihRtfCvD04yjWikH1jp.xGLt7VTmwcM7nGbRvKtOvogZKlcRtNimvdu Vqu6d6uW_N6FnixWJCJ7t4o5Z6xR9Qn_K.ZTCN.VjLkUHTde7dGOWc5.TejYw648mt6Ago6O0ii9 FrwkqbEtpRc0PdKGrPEPcQqb5AiCXxUzI.R1GPGeK7qLuS6prFKGTI76ZJiRKfn9XQijsmPfGclh nwAcaiuQGToH6OK.tWaXoDLa.Kth3hHMpg6NiZ1QkC7LeeRHxBR2Ka6g8nBYlPggHu1LUuq9mS0D fUCaJ9tBG_mij3k_LcNlKbRlkBdlBDk8ZM6P34B66_lN5DON7X59gogmvJYAAGQ0EpYfWzu3VFZl f7VcIKk5TXK1jmWNP_3XB_lX_koC6Qn3VzHptFldARaztdOgTk.JWooR19nF8lbkBpof2ee_qATj 2yuO8AT26KBfnI8FlGDw6LObnqpBEOylhqVqk4B3.86NMSNoQGhuzfWLtxXn8TGr_34XCooZ3cKM bpyDDyqHOALmgEc6PIhXg8gG2U6rkxxCALxsNuIjm8J3.apBPXdA6RZj1MjPgVnETfN.n7Z_IFXH Re12PnXDFChWa0NTebe1szEhzk6DgSEENblXPSmtV1LJMeZ0vQXHpZCDBaRkoRzLvZybkQi_N0O4 ICxzbrSRXy81YZIaVnxv4YufFxKEjKJwnKw0kPestnTY1VaG2MyNZcONq_KclmwDx6UBocimFeCn KT7IndKNekePGthdyoU2s83OmUyzkV8DHvuDmXDzr0pQlE33BRDDO2_7IIcKdFuBLSAAQ2ln7cMR PDwmnaGcfVyNBG9sEtqi31EJvGT4g5gJ2BOgT1Q_3D4bAA9hjlV9RAF.tLn047d2wHB2di5CYTUd dlx24ljVflfdvQOQB2CgTEibskmO6eJRfPRp2BXldMb2un.DWhqAzVDgtN4.Jgv0u0CMuDD1s6mu NdbXRACGev7Zn_eCaCJ9I8s29wcLPkwpGi4bEoZvonjowzJTRSGl3BXuJCdFRpqKivUxcW2QD.aI o_FoWsfxFzoi40GvG0eL4i.MonTEgdo0.Nl_ucB6NPl.IBPBH71MENyVP8HGTGOr48mb4lhIDmUp AReTaTx0hjgHcyYU6oooFtfSyVqRXuetOo0SpTEc8xr6.QTxYSHrHfXN2DGDwW52r2r1Ng4SiYKJ .Aw7Z8xQTK1TQ7hBvwsvt9vRZpCO5dJGV3WuJPrzYO3PvF6P9UOfJq2POHdteIvC3GtVl9Gj4MZ2 2inOh45Z2H_e3A5Lo3SQnaMYEA3Kn.CdyUfHJmMwLoWlaXETwPP3nvjqcJF9p1t3ikeHiZIZfoOi TEoGa9lbIegiZ7hxpQdMCJi6GnXYXzH2d2UG8vDOgEvRpjCVdSrtgUQV.c_Kz2kePltvgnac7ISq X0ERvql0Is6DTBVBGnjgMYQsr4bnMeG6onFICiob8bmlfO8OwZeAXhW93tAtizzyXR2alFIWoDPS jt8ttUytc.IqgVJt7u5BPK.Mo2JXPTWFQjGhoLrFYNWDX3jR96f9e_uF0PDOu01h_CLcWs8Vojmd leFcrV4riRU.qsWgepp4FTEcD8TG5fcAD9YnVPTpwgmQE625LE3fBunH5_3Ht1ywJ1V55GsgzxN9 8F9_06JFJQvuvyxGv.mZcT1ch0E9OdiC3qyn7z5J_5TQUj.49_ToLM0tzZQBUgNSXXXApoNin7Gf rmE6.tEqCMNCO8ylBbMx8gofa_GNlCWIde8G7QTgYCCZVB3n4YGxsmQE8xjdtnxvyCzQ.aBBuYPK fOkNLicayXHHqFyCnjpAqiIhJboYvSNKc.PvnQMdIjQRu4bSq952rdS3gtPI90dSUuyvdz.oeIGz 5EpzCJ2_9P1YGWpVh6DZPPFHqgEGuKbryO2zJa9aWC.CFdKLZAHFqbfhAbHVZXtBVpJYmXoGI7Hq L4bWsK37z1U0IK7QhD_EomPNDmXWjg3bYGnmANJgav3iKr4UJGjPNHejHnBlEVtyNH0qJyZKgUnl cQVXh11Uw3wzVJL2xoeciFg0Rt0MNSyUXYCMM8dd7flXTrFMwEKPl4w6KAcEtm7yWkNwqNv2f5A- - X-Sonic-MF: Date: Sun, 19 Dec 2021 09:54:32 -0500 From: "Alex Xu (Hello71)" To: musl@lists.openwall.com, Markus Wichmann References: <20211218163320.GA1950@voyager> <20211218171414.GO7074@brightrain.aerifal.cx> <20211218172646.GP7074@brightrain.aerifal.cx> In-Reply-To: <20211218172646.GP7074@brightrain.aerifal.cx> MIME-Version: 1.0 Message-Id: <1639925208.rmnuvpezrd.none@localhost> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Mailer: WebService/1.1.19415 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Subject: Re: [musl] Feasibility of FD_CLOEXEC on all streams Excerpts from Rich Felker's message of December 18, 2021 12:26 pm: > On Sat, Dec 18, 2021 at 12:14:15PM -0500, Rich Felker wrote: >> On Sat, Dec 18, 2021 at 05:33:20PM +0100, Markus Wichmann wrote: >> > Hi all, >> >=20 >> > I was recently reading the source code of popen(), and noticed that it >> > has to iterate over all open files to close all the open pipe FDs the >> > child might inherit. And that made me wonder: >> >=20 >> > 1. Does POSIX allow for all FILE streams to have FD_CLOEXEC applied by >> > default? >>=20 >> No. Accessing fileno(f) is permissible subject to following the rules >> for active handle: >>=20 >> https://pubs.opengroup.org/onlinepubs/9699919799/functions/V2_chap02.htm= l#tag_15_05_01 >>=20 >> and that entails being able to use them according to the rules for how >> fds are inherited across exec. >=20 > Also, the POSIX spec for fopen is rather explicit: >=20 > "[CX] The file descriptor associated with the opened stream shall > be allocated and opened as if by a call to open() with the > following flags: ..." >=20 > https://pubs.opengroup.org/onlinepubs/9699919799/functions/fopen.html >=20 > Rich >=20 Playing devil's advocate here, can't the implementation unset FD_CLOEXEC=20 when fileno is called? This doesn't fix the latter issue, but if that's=20 the only problem then I would argue that it can be sufficiently covered=20 by the as-if rule. It also wouldn't fix the popen loop, but would still=20 add some hardening for poorly written programs. Cheers, Alex.