git: libc - Fix numerous fork/exec*() leaks, also add mkostemp() and mkostemps().

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Jul 27 11:22:06 PDT 2016


commit 5270936ced7738caef7b7302e4b02466f8e913bc
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Jul 27 11:13:44 2016 -0700

    libc - Fix numerous fork/exec*() leaks, also add mkostemp() and mkostemps().
    
    * Use O_CLOEXEC in many places to prevent temporary descriptors from leaking
      into fork/exec'd code (e.g. in multi-threaded situations).
    
    * Note that the popen code will close any other popen()'d descriptors in
      the child process that it forks just prior to exec.  However, there was
      a descriptor leak where another thread issuing popen() at the same time
      could leak the descriptors into their exec.
    
      Use O_CLOEXEC to close this hole.
    
    * popen() now accepts the 'e' flag (i.e. "re") to retain O_CLOEXEC in the
      returned descriptor.  Normal "r" (etc) will clear O_CLOEXEC in the returned
      descriptor.
    
      Note that normal "r" modes are still fine for most use cases since popen
      properly closes other popen()d descriptors in the fork().  BUT!! If the
      threaded program calls exec*() in other ways, such descriptors may
      unintentionally be passed onto sub-processes.  So consider using "re".
    
    * Add mkostemp() and mkostemps() to allow O_CLOEXEC to be passed in,
      closing a thread race that would otherwise leak the temporary descriptor
      into other fork/exec()s.
    
    Taken-from: Mostly taken from FreeBSD

Summary of changes:
 include/stdlib.h              |  2 ++
 lib/libc/db/btree/bt_open.c   |  5 +++--
 lib/libc/db/db/db.c           |  2 +-
 lib/libc/db/hash/hash.c       |  2 +-
 lib/libc/db/hash/hash_page.c  |  3 ++-
 lib/libc/db/recno/rec_open.c  |  2 +-
 lib/libc/gen/arc4random.c     |  2 +-
 lib/libc/gen/getcap.c         |  2 +-
 lib/libc/gen/nlist.c          |  2 +-
 lib/libc/gen/popen.c          | 17 ++++++++++++++---
 lib/libc/gen/readpassphrase.c |  2 +-
 lib/libc/gen/syslog.c         |  2 +-
 lib/libc/gen/wordexp.c        |  4 +++-
 lib/libc/gmon/gmon.c          |  4 ++--
 lib/libc/stdio/Symbol.map     |  5 +++++
 lib/libc/stdio/fdopen.c       |  4 ++++
 lib/libc/stdio/freopen.c      | 16 +++++++++++++---
 lib/libc/stdio/mktemp.3       | 22 ++++++++++++++++++++++
 lib/libc/stdio/mktemp.c       | 33 +++++++++++++++++++++++++++------
 lib/libc/yp/yplib.c           |  2 +-
 20 files changed, 106 insertions(+), 27 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/5270936ced7738caef7b7302e4b02466f8e913bc


-- 
DragonFly BSD source repository



More information about the Commits mailing list