From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-3.3 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 18279 invoked from network); 25 Jan 2021 14:42:52 -0000 Received: from mother.openwall.net (195.42.179.200) by inbox.vuxu.org with ESMTPUTF8; 25 Jan 2021 14:42:52 -0000 Received: (qmail 28514 invoked by uid 550); 25 Jan 2021 14:42:50 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-ID: Reply-To: musl@lists.openwall.com Received: (qmail 28491 invoked from network); 25 Jan 2021 14:42:49 -0000 Date: Mon, 25 Jan 2021 09:42:36 -0500 From: Rich Felker To: Bruno Haible Cc: musl@lists.openwall.com Message-ID: <20210125144236.GV23432@brightrain.aerifal.cx> References: <3521697.b4TYcCAa2N@omega> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3521697.b4TYcCAa2N@omega> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: [musl] insufficient checking in posix_spawn_file_actions_add{open,dup2} On Mon, Jan 25, 2021 at 09:31:50AM +0100, Bruno Haible wrote: > Hi, > > POSIX [1][2] says about the functions > posix_spawn_file_actions_addopen > posix_spawn_file_actions_adddup2 > > The function "shall fail if: > [EBADF] > The value specified by fildes is negative or greater than or equal to {OPEN_MAX}." > > However, in musl libc 1.2.2, these two test programs exit with status 2: > ======================================================================== > #include > #include > int main () > { > posix_spawn_file_actions_t actions; > if (posix_spawn_file_actions_init (&actions) != 0) > return 1; > if (posix_spawn_file_actions_addopen (&actions, 10000000, "foo", 0, O_RDONLY) > == 0) > return 2; > return 0; > } > ======================================================================== > #include > int main () > { > posix_spawn_file_actions_t actions; > if (posix_spawn_file_actions_init (&actions) != 0) > return 1; > if (posix_spawn_file_actions_adddup2 (&actions, 10000000, 2) == 0) > return 2; > return 0; > } > ======================================================================== > > sysconf (_SC_OPEN_MAX) is 1024, on that system. > > Best regards, > > Bruno > > [1] https://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_addopen.html > [2] https://pubs.opengroup.org/onlinepubs/9699919799/functions/posix_spawn_file_actions_adddup2.html Thanks. I think I was vaguely aware of this, but misremembered https://www.austingroupbugs.net/view.php?id=418 as dropping the requirement (which is rather odious, especially if a file action for changing rlimit were ever to be added) rather than just removing it for close. With that said, is there any normative text that {OPEN_MAX} in the spec indicates a requirement to honor a dynamic max sysconf(_SC_OPEN_MAX)? As written, the "shall fail" seems to apply just on systems where OPEN_MAX is defined; sysconf isn't referenced. I would very much prefer not to have to enforce such a max here since it's hostile to future extensibility and wastes a syscall in an operation that should not require one. In any case negative values should be checked. Rich