Re: Implement close-on-fork

From: James Bottomley
Date: Wed Apr 22 2020 - 10:33:11 EST

Next message: Jiaxun Yang: "[PATCH v5] MIPS: Truncate link address into 32bit for 32bit kernel"
Previous message: Jiaxun Yang: "[PATCH 6/6] dt-bindings: interrupt-controller: Add Loongson PCH MSI"
In reply to: Bernd Petrovitsch: "Re: [PATCH 1/4] fs: Implement close-on-fork"
Next in thread: Al Viro: "Re: Implement close-on-fork"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 2020-04-20 at 02:15 -0500, Nate Karstens wrote:
> Series of 4 patches to implement close-on-fork. Tests have been
> published to https://github.com/nkarstens/ltp/tree/close-on-fork.
>
> close-on-fork addresses race conditions in system(), which
> (depending on the implementation) is non-atomic in that it
> first calls a fork() and then an exec().

Why is this a problem? I get that there's a time between fork and exec
when you have open file descriptors, but they should still be running
in the binary context of the programme that called fork, i.e. under
your control. The security problems don't seem to occur until you exec
some random binary, which close on exec covers. So what problem would
close on fork fix?

> This functionality was approved by the Austin Common Standards
> Revision Group for inclusion in the next revision of the POSIX
> standard (see issue 1318 in the Austin Group Defect Tracker).

URL? Does this standard give a reason why the functionality might be
useful.

James

Next message: Jiaxun Yang: "[PATCH v5] MIPS: Truncate link address into 32bit for 32bit kernel"
Previous message: Jiaxun Yang: "[PATCH 6/6] dt-bindings: interrupt-controller: Add Loongson PCH MSI"
In reply to: Bernd Petrovitsch: "Re: [PATCH 1/4] fs: Implement close-on-fork"
Next in thread: Al Viro: "Re: Implement close-on-fork"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]