From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Maxime Devos Newsgroups: gmane.lisp.guile.devel Subject: Re: Preventing file descriptor leak to execl'd processes Date: Sat, 06 Mar 2021 19:04:05 +0100 Message-ID: <2fef0f8235c3dab7263dd1a38bea51d384414458.camel@telenet.be> References: <87czwc5ijd.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="=-s7Z5yfE35hfQ1JWoPL7p" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="1590"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Evolution 3.34.2 To: Marius Bakke , guile-devel Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Sat Mar 06 19:36:27 2021 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lIbmt-0000K1-H6 for guile-devel@m.gmane-mx.org; Sat, 06 Mar 2021 19:36:27 +0100 Original-Received: from localhost ([::1]:47208 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lIbms-00066T-H8 for guile-devel@m.gmane-mx.org; Sat, 06 Mar 2021 13:36:26 -0500 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:55400) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lIbHo-0005rl-Aj for guile-devel@gnu.org; Sat, 06 Mar 2021 13:04:20 -0500 Original-Received: from michel.telenet-ops.be ([2a02:1800:110:4::f00:18]:33878) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lIbHm-00024m-07 for guile-devel@gnu.org; Sat, 06 Mar 2021 13:04:20 -0500 Original-Received: from ptr-bvsjgyjmffd7q9timvx.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:aaf1:9810:a0b8:a55d]) by michel.telenet-ops.be with bizsmtp id d64E2400V0mfAB40664EBm; Sat, 06 Mar 2021 19:04:14 +0100 In-Reply-To: <87czwc5ijd.fsf@gnu.org> DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r21; t=1615053854; bh=Ou4zViB+nN6bRfAVz/IpElvEP0JJ2zG2T19pq+xmotw=; h=Subject:From:To:Date:In-Reply-To:References; b=fBahORkpatfhT5DbBCtT5P9v+cZzLm6LerkK+AcYVknsPeEF+bK7kXzT7eNgTAas/ WxYh+vAriUzxbuCjIZTxMZUYe18YXpSg8RyjTgKtkAvsPY3LUHdq7sWdFya151N9XI V/QfZ38GXBxOKmJbVvv8lv6zH1/Kn3mMvpAfhT0ZWRmrAWQubR9qEbNTlqpSOpNbQ+ q/Qw1IHltC6jV86Ajp1pD9Gr0Bz0xDX701J0Uu7rKExJ8auvQMEm49Qt/H1TTYPyY4 PlrsTUhe9qS0vUT7y8b5RkB0RVpmUsU0oYYOh08lMLW3Ohha1qylm9oluXWoRT/L6K iON5JDnsIIN+A== Received-SPF: pass client-ip=2a02:1800:110:4::f00:18; envelope-from=maximedevos@telenet.be; helo=michel.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Mailman-Approved-At: Sat, 06 Mar 2021 13:35:52 -0500 X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: "guile-devel" Xref: news.gmane.io gmane.lisp.guile.devel:20694 Archived-At: --=-s7Z5yfE35hfQ1JWoPL7p Content-Type: multipart/mixed; boundary="=-d+yRCotGYBYWsPYM717l" --=-d+yRCotGYBYWsPYM717l Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, 2021-03-06 at 17:55 +0100, Marius Bakke wrote: > Hello Guilers, >=20 > [...] >=20 > It works great, except that the script filename (/tmp/test-shell) has > an open file descriptor which leaks into the new process: >=20 > [...] >=20 > I've managed to work around it by setting FD_CLOEXEC on it: >=20 > [code using port-for-each and port-filename] >=20 > But it seems heavy-handed. Is there an easier way to access the "script > port"? Perhaps Guile itself should make it FD_CLOEXEC by default? Easy way to access the =E2=80=98script port=E2=80=99: the Scheme procedure = current-load-port. Take a look at the output of the attached script. Greetings, Maxime --=-d+yRCotGYBYWsPYM717l Content-Description: Content-Disposition: attachment; filename="script.scm" Content-Type: text/x-scheme; name="script.scm"; charset="UTF-8" Content-Transfer-Encoding: base64 IyEvZ251L3N0b3JlL201aXByY2c2cGI1Y2g4NnI5YWdtcXdkOHY2a3A3OTk5LWd1aWxlLTMuMC41 L2Jpbi9ndWlsZSAtLW5vLWF1dG8tY29tcGlsZQohIwooZXZhbC13aGVuIChleHBhbmQpCiAgKHBr ICdleHBhbmQgKGN1cnJlbnQtbG9hZC1wb3J0KSAoZmlsZW5vIChjdXJyZW50LWxvYWQtcG9ydCkp KSkKKGV2YWwtd2hlbiAobG9hZCkKICAocGsgJ2xvYWQgKGN1cnJlbnQtbG9hZC1wb3J0KSAoZmls ZW5vIChjdXJyZW50LWxvYWQtcG9ydCkpKSkKKGV2YWwtd2hlbiAoZXZhbCkKICAocGsgJ2V2YWwg KGN1cnJlbnQtbG9hZC1wb3J0KSAoZmlsZW5vIChjdXJyZW50LWxvYWQtcG9ydCkpKSkKKGV2YWwt d2hlbiAoY29tcGlsZSkKICAocGsgJ2NvbXBpbGUgKGN1cnJlbnQtbG9hZC1wb3J0KSAoZmlsZW5v IChjdXJyZW50LWxvYWQtcG9ydCkpKSkK --=-d+yRCotGYBYWsPYM717l-- --=-s7Z5yfE35hfQ1JWoPL7p Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYIADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYEPEFhccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7guSAP9Zlsh4aES9jG60uMHgnbmL2FgH tJvf5gh1jcLI2kqKnAD/Q7SXKWtKuakFXFBHUUVWllPieE/EHn8GAUBO5NXamwQ= =NI3P -----END PGP SIGNATURE----- --=-s7Z5yfE35hfQ1JWoPL7p--