* [PATCH] sysopen -o cloexec doesn't work when the fd is dupped
@ 2017-05-23 15:46 Stephane Chazelas
0 siblings, 0 replies; only message in thread
From: Stephane Chazelas @ 2017-05-23 15:46 UTC (permalink / raw)
To: Zsh hackers list
[-- Attachment #1: Type: text/plain, Size: 1942 bytes --]
Hello:
On systems with support for open(O_CLOEXEC):
$ zsh -c 'zmodload zsh/system; sysopen -w -o cloexec -u 3 /dev/null; ls -l /proc/self/fd'
total 0
lrwx------ 1 chazelas chazelas 64 May 23 16:35 0 -> /dev/pts/1
lrwx------ 1 chazelas chazelas 64 May 23 16:35 1 -> /dev/pts/1
lrwx------ 1 chazelas chazelas 64 May 23 16:35 2 -> /dev/pts/1
lr-x------ 1 chazelas chazelas 64 May 23 16:35 3 -> /proc/21668/fd
(OK)
$ zsh -c 'zmodload zsh/system; sysopen -w -o cloexec -u 4 /dev/null; ls -l /proc/self/fd'
total 0
lrwx------ 1 chazelas chazelas 64 May 23 16:35 0 -> /dev/pts/1
lrwx------ 1 chazelas chazelas 64 May 23 16:35 1 -> /dev/pts/1
lrwx------ 1 chazelas chazelas 64 May 23 16:35 2 -> /dev/pts/1
lr-x------ 1 chazelas chazelas 64 May 23 16:35 3 -> /proc/21669/fd
l-wx------ 1 chazelas chazelas 64 May 23 16:35 4 -> /dev/null
(not OK: fd 4 passed to ls)
$ zsh -c 'zmodload zsh/system; sysopen -w -o cloexec -u fd /dev/null; ls -l /proc/self/fd'
total 0
lrwx------ 1 chazelas chazelas 64 May 23 16:35 0 -> /dev/pts/1
lrwx------ 1 chazelas chazelas 64 May 23 16:35 1 -> /dev/pts/1
l-wx------ 1 chazelas chazelas 64 May 23 16:35 12 -> /dev/null
lrwx------ 1 chazelas chazelas 64 May 23 16:35 2 -> /dev/pts/1
lr-x------ 1 chazelas chazelas 64 May 23 16:35 3 -> /proc/21674/fd
(not OK: fd 3 passed to ls).
The reason is that in the last two cases, dup()/dup2() was
called on the fd returned by open(). In the first case to make
it the requested "3", and in the second case so it's a fd above
10.
The cloexec flag is one that is attached to the fd, not the open
file description, so it doesn't survive a dup(). So one needs to
reapply the CLOEXEC flag again after the dup.
See attached for a suggested fix. Linux has a dup3() which you
can pass the CLOEXEC flag to, but I don't expect that to be
very portable.
The code could be simplified so that fcntl() is always called as
it's likely it's going to be called anyway.
--
Stephane
[-- Attachment #2: cloexec.fix --]
[-- Type: text/plain, Size: 1902 bytes --]
diff --git a/Src/Modules/system.c b/Src/Modules/system.c
index afaec262a..3eecd7e95 100644
--- a/Src/Modules/system.c
+++ b/Src/Modules/system.c
@@ -313,7 +313,7 @@ bin_sysopen(char *nam, char **args, Options ops, UNUSED(int func))
int flags = O_NOCTTY | append | ((append || write) ?
(read ? O_RDWR : O_WRONLY) : O_RDONLY);
char *opt, *ptr, *nextopt, *fdvar;
- int o, fd, explicit = -1;
+ int o, fd, moved_fd, explicit = -1;
mode_t perms = 0666;
#if defined(FD_CLOEXEC) && !defined(O_CLOEXEC)
int fdflags;
@@ -376,22 +376,32 @@ bin_sysopen(char *nam, char **args, Options ops, UNUSED(int func))
zwarnnam(nam, "can't open file %s: %e", *args, errno);
return 1;
}
- fd = (explicit > -1) ? redup(fd, explicit) : movefd(fd);
- if (fd == -1) {
+ moved_fd = (explicit > -1) ? redup(fd, explicit) : movefd(fd);
+ if (moved_fd == -1) {
zwarnnam(nam, "can't open file %s", *args);
return 1;
}
-#if defined(FD_CLOEXEC) && !defined(O_CLOEXEC)
+#ifdef FD_CLOEXEC
+#ifdef O_CLOEXEC
+ /*
+ * the O_CLOEXEC is a flag attached to the *file descriptor*, not the
+ * *open file description* so it doesn't survive a dup(). If that flag was
+ * requested and the fd was moved, we need to reapply it to the moved fd
+ * even if the original one was open with O_CLOEXEC
+ */
+ if ((flags & O_CLOEXEC) && fd != moved_fd)
+#else
if (fdflags)
- fcntl(fd, F_SETFD, FD_CLOEXEC);
-#endif
+#endif /* O_CLOEXEC */
+ fcntl(moved_fd, F_SETFD, FD_CLOEXEC);
+#endif /* FD_CLOEXEC */
if (explicit == -1) {
- fdtable[fd] = FDT_EXTERNAL;
- setiparam(fdvar, fd);
- /* if setting the variable failed, close fd to avoid leak */
+ fdtable[moved_fd] = FDT_EXTERNAL;
+ setiparam(fdvar, moved_fd);
+ /* if setting the variable failed, close moved_fd to avoid leak */
if (errflag)
- zclose(fd);
+ zclose(moved_fd);
}
return 0;
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-05-23 15:46 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-05-23 15:46 [PATCH] sysopen -o cloexec doesn't work when the fd is dupped Stephane Chazelas
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).