redonkable/alistair23-linux
redonkable/alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/fs
History
Ulrich Drepper f23513e8d9 Introduce O_CLOEXEC 
The problem is as follows: in multi-threaded code (or more correctly: all
code using clone() with CLONE_FILES) we have a race when exec'ing.

   thread #1                       thread #2

   fd=open()

                                   fork + exec

  fcntl(fd,F_SETFD,FD_CLOEXEC)

In some applications this can happen frequently.  Take a web browser.  One
thread opens a file and another thread starts, say, an external PDF viewer.
 The result can even be a security issue if that open file descriptor
refers to a sensitive file and the external program can somehow be tricked
into using that descriptor.

Just adding O_CLOEXEC support to open() doesn't solve the whole set of
problems.  There are other ways to create file descriptors (socket,
epoll_create, Unix domain socket transfer, etc).  These can and should be
addressed separately though.  open() is such an easy case that it makes not
much sense putting the fix off.

The test program:

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef O_CLOEXEC
# define O_CLOEXEC 02000000
#endif

int
main (int argc, char *argv[])
{
  int fd;
  if (argc > 1)
    {
      fd = atol (argv[1]);
      printf ("child: fd = %d\n", fd);
      if (fcntl (fd, F_GETFD) == 0 || errno != EBADF)
        {
          puts ("file descriptor valid in child");
          return 1;
        }
      return 0;
    }

  fd = open ("/proc/self/exe", O_RDONLY | O_CLOEXEC);
  printf ("in parent: new fd = %d\n", fd);
  char buf[20];
  snprintf (buf, sizeof (buf), "%d", fd);
  execl ("/proc/self/exe", argv[0], buf, NULL);
  puts ("execl failed");
  return 1;
}

[kyle@parisc-linux.org: parisc fix]
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: Chris Zankel <chris@zankel.net>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:45 -07:00
..
9p 9p: re-enable mount time debug option 2007-07-14 15:14:14 -05:00
adfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
affs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
afs AFS: drop explicit extern 2007-07-16 09:05:43 -07:00
autofs Replace pid_t in autofs with struct pid reference 2007-05-11 08:29:36 -07:00
autofs4 Fix some coding-style errors in autofs 2007-05-11 08:29:36 -07:00
befs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
bfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
cifs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
coda wrong order of arguments of ->readdir() 2007-07-15 16:40:51 -07:00
configfs Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
cramfs mm: make read_cache_page synchronous 2007-05-07 12:12:51 -07:00
debugfs debugfs: add rename for debugfs files 2007-07-11 16:09:00 -07:00
devpts devpts: add fsnotify create event 2007-05-08 11:14:59 -07:00
dlm [DLM] dump more lock values 2007-07-09 08:24:13 +01:00
ecryptfs sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
efs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
exportfs header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
ext2 ext2: fix a comment when ext2_release_file() is called 2007-07-16 09:05:44 -07:00
ext3 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ext4 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
fat fat: gcc 4.3 warning fix 2007-07-16 09:05:42 -07:00
freevxfs vxfs warning fixes 2007-07-16 09:05:41 -07:00
fuse sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
gfs2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/steve/gfs2-2.6-nmw 2007-07-10 13:56:13 -07:00
hfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hfsplus sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hostfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hpfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
hppfs
hugetlbfs shm: fix the filename of hugetlb sysv shared memory 2007-06-16 13:16:16 -07:00
isofs remove useless tolower in isofs 2007-07-16 09:05:43 -07:00
jbd jbd commit: fix transaction dropping 2007-07-16 09:05:34 -07:00
jbd2 jbd2 commit: fix transaction dropping 2007-07-16 09:05:34 -07:00
jffs2 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
jfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
lockd NLM: fix source address of callback to client 2007-07-10 23:40:49 -04:00
minix sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
msdos
ncpfs Only send SIGXFSZ when exceeding rlimits. 2007-07-16 09:05:43 -07:00
nfs Make NFS client use seq_list_xxx helpers 2007-07-16 09:05:42 -07:00
nfs_common
nfsd Merge git://git.linux-nfs.org/pub/linux/nfs-2.6 2007-07-13 16:46:18 -07:00
nls
ntfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ocfs2 sysfs: kill unnecessary attribute->owner 2007-07-11 16:09:06 -07:00
openpromfs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
partitions fix compiler warnings in acorn.c 2007-07-16 09:05:42 -07:00
proc /proc/*/environ: wrong placing of ptrace_may_attach() check 2007-07-16 09:05:44 -07:00
qnx4 sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
ramfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
reiserfs Only send SIGXFSZ when exceeding rlimits. 2007-07-16 09:05:43 -07:00
romfs Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
smbfs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
sysfs sysfs: add parameter "struct bin_attribute *" in .read/.write methods for sysfs binary attributes 2007-07-11 16:09:09 -07:00
sysv sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
udf UDF: check for allocated memory for inode data 2007-07-16 09:05:41 -07:00
ufs sendfile: remove .sendfile from filesystems that use generic_file_sendfile() 2007-07-10 08:04:13 +02:00
vfat
xfs [XFS] Fix lockdep annotations for xfs_lock_inodes 2007-07-14 18:09:42 +10:00
aio.c signal/timer/event: KAIO eventfd support example 2007-05-11 08:29:37 -07:00
anon_inodes.c signal/timer/event fds: anonymous inode source 2007-05-11 08:29:36 -07:00
attr.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
bad_inode.c sendfile: remove bad_sendfile() from bad_file_ops 2007-07-10 08:04:15 +02:00
binfmt_aout.c
binfmt_elf.c PIE randomization 2007-07-16 09:05:42 -07:00
binfmt_elf_fdpic.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_em86.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_flat.c nommu: report correct errno in message 2007-06-08 17:23:32 -07:00
binfmt_misc.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
binfmt_script.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
binfmt_som.c
bio.c unexport bio_{,un}map_user 2007-07-10 08:03:34 +02:00
block_dev.c fs/block_dev.c: use list_for_each_entry() 2007-07-16 09:05:45 -07:00
buffer.c buffer: kill old incorrect comment 2007-07-16 09:05:45 -07:00
char_dev.c
compat.c optimize compat_core_sys_select() by a using stack space for small fd sets 2007-05-23 20:14:12 -07:00
compat_ioctl.c fix compat console unimap regression 2007-05-25 17:37:46 -07:00
dcache.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
dcookies.c
direct-io.c dio: remove bogus refcounting BUG_ON 2007-07-03 18:23:23 -07:00
dnotify.c
dquot.c circular locking dependency found in QUOTA OFF 2007-05-17 05:23:05 -07:00
drop_caches.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
eventfd.c eventfd use waitqueue lock ... 2007-05-18 13:09:34 -07:00
eventpoll.c epoll: move kfree inside ep_free 2007-05-15 08:54:00 -07:00
exec.c uselib: add missing MNT_NOEXEC check 2007-05-23 20:14:13 -07:00
fcntl.c
fifo.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
file.c
file_table.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
filesystems.c add filesystem subtype support 2007-05-08 11:15:01 -07:00
fs-writeback.c
generic_acl.c
inode.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
inotify.c Introduce a handy list_first_entry macro 2007-05-08 11:15:11 -07:00
inotify_user.c
internal.h cleanup compat ioctl handling 2007-05-08 11:15:09 -07:00
ioctl.c vanishing ioctl handler debugging 2007-06-04 13:25:10 -07:00
ioprio.c
Kconfig 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
Kconfig.binfmt fs: Kill sh dependency for binfmt_flat. 2007-05-21 14:34:00 +09:00
libfs.c fs/libfs.c: >80 columns line break fix 2007-05-09 06:44:57 +02:00
locks.c Remove SLAB_CTOR_CONSTRUCTOR 2007-05-17 05:23:04 -07:00
Makefile signal/timer/event: eventfd core 2007-05-11 08:29:36 -07:00
mbcache.c
mpage.c consolidate generic_writepages and mpage_writepages 2007-05-11 08:29:35 -07:00
namei.c [PATCH] complete message queue auditing 2007-05-11 05:38:26 -04:00
namespace.c Make /proc/self/mounts(tats) use seq_list_xxx helpers 2007-07-16 09:05:42 -07:00
nfsctl.c
no-block.c
open.c Introduce O_CLOEXEC 2007-07-16 09:05:45 -07:00
pipe.c pipe: add documentation and comments 2007-07-10 08:04:16 +02:00
pnode.c Introduce a handy list_first_entry macro 2007-05-08 11:15:11 -07:00
pnode.h
posix_acl.c
quota.c circular locking dependency found in QUOTA OFF 2007-05-17 05:23:05 -07:00
quota_v1.c
quota_v2.c
read_write.c Remove remnants of sendfile() 2007-07-10 08:04:15 +02:00
read_write.h
readdir.c ROUND_UP macro cleanup in fs/(select|compat|readdir).c 2007-05-08 11:15:09 -07:00
select.c Style fix in fs/select.c 2007-05-09 07:10:02 +02:00
seq_file.c mutex_unlock() later in seq_lseek() 2007-07-16 09:05:44 -07:00
signalfd.c avoid spurious POLLIN returns in signalfd 2007-06-28 11:34:54 -07:00
splice.c splice: fix offset mangling with direct splicing (sendfile) 2007-07-13 14:14:31 +02:00
stack.c
stat.c header cleaning: don't include smp_lock.h when not used 2007-05-08 11:15:07 -07:00
super.c add filesystem subtype support 2007-05-08 11:15:01 -07:00
sync.c Introduce fixed sys_sync_file_range2() syscall, implement on PowerPC and ARM 2007-06-28 11:38:30 -07:00
timerfd.c timerfd use waitqueue lock ... 2007-05-18 13:09:34 -07:00
utimes.c Fix permission checking for the new utimensat() system call 2007-07-08 12:02:55 -07:00
xattr.c [PATCH] audit inode for all xattr syscalls 2007-05-11 05:38:26 -04:00
xattr_acl.c