Re: [RFC] Subtle race in dup2() and permissions on /proc/<pid>/fd/<n>

Alexander Viro (viro@math.psu.edu)
Thu, 24 Jun 1999 21:17:30 -0400 (EDT)


On Fri, 25 Jun 1999, Guest section DW wrote:

> viro asks:
>
> > dup2(foo, bar) closes bar, but completely ignores the results of
> > close(). POSIX position on that?
>
> The call
> fd = dup2(fd1,fd2);
> is equivalent to
> close(fd2);
> fd = fcntl(fd1, F_DUPFD, fd2);

Ouch... Does it imply that for two threads sharing the descriptors (cloned
with COPY_FILES) dup2(foo, bar); and close(foo); may legitimately result in
both foo and bar closed?

	close(fd2);                     close(fd1);
	fcntl(fd1, F_DUPFD, fd2);

... and we got a big mess on hands. There is a whole lot of interesting
races in that area. I think that in the setup above we should treat dup2()
as atomic operation wrt close(). In other words, fd1 should be taken in
the context that exists when dup2() was called, not when it closed fd2.

Comments?

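The interleaving discussed in the message above, as an added example that is not part of the original thread: it replays the close()/fcntl() split and an atomic dup2() in a single thread so the outcome is deterministic. The function names and the use of a pipe as the two descriptors are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 if fd is an open descriptor, 0 if not (F_GETFD fails with EBADF). */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Bit 0: fd1 (foo) still open; bit 1: fd2 (bar) still open. Cleans up both. */
static int report(int fd1, int fd2) {
    int mask = fd_is_open(fd1) | (fd_is_open(fd2) << 1);
    close(fd1);
    close(fd2);
    return mask;
}

/* dup2() modelled as close() + fcntl(F_DUPFD), with "thread B" closing fd1
 * between the two halves. Returns the open-descriptor mask, -1 on setup error. */
int split_dup2_interleaved(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    int fd1 = p[0], fd2 = p[1];
    close(fd2);                          /* thread A: first half of dup2      */
    close(fd1);                          /* thread B: close(fd1) slips in     */
    int r = fcntl(fd1, F_DUPFD, fd2);    /* thread A: second half, now EBADF  */
    if (r != -1) close(r);               /* not expected; avoid a leak        */
    return report(fd1, fd2);
}

/* dup2() as one indivisible step, in either order relative to close(fd1). */
int atomic_dup2(int close_first) {
    int p[2];
    if (pipe(p) != 0) return -1;
    int fd1 = p[0], fd2 = p[1];
    if (close_first) {
        close(fd1);
        (void)dup2(fd1, fd2);            /* fails with EBADF, fd2 untouched   */
    } else {
        (void)dup2(fd1, fd2);            /* fd2 now refers to fd1's file      */
        close(fd1);
    }
    return report(fd1, fd2);
}

int main(void) {
    printf("split, interleaved: mask=%d\n", split_dup2_interleaved());
    printf("atomic, dup2 first: mask=%d\n", atomic_dup2(0));
    printf("atomic, close first: mask=%d\n", atomic_dup2(1));
    return 0;
}
```

With the split form both descriptors end up closed; with dup2() treated as atomic, fd2 stays open whichever side runs first.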