From: Marius Bakke
Newsgroups: gmane.lisp.guile.devel
Subject: Preventing file descriptor leak to execl'd processes
Date: Sat, 06 Mar 2021 17:55:02 +0100
Message-ID: <87czwc5ijd.fsf@gnu.org>
To: guile-devel

Hello Guilers,

I recently had the insa^W bright idea of making my login shell a Guile
script instead of fiddling so much with bashrc and the likes.

For example, here is how I start my window manager when logging into
TTY2 or TTY3:

$ cat /tmp/test-shell
#!/gnu/store/18hp7flyb3yid3yp49i6qcdq0sbi5l1n-guile-3.0.2/bin/guile --no-auto-compile
!#
(let ((bash "/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash")
      (sway "/gnu/store/9zffdhn3yrfim36ya1g0dwbj012pjk2p-sway-1.5.1/bin/sway")
      (tty (readlink "/proc/self/fd/0"))
      (args (cdr (program-arguments))))
  (if (and (string-prefix? "/dev/tty" tty)
           (or (string-suffix? "2" tty)
               (string-suffix? "3" tty))
           (not (getenv "DISPLAY")))
      (execl bash bash "--login" "-c"
             (string-append "exec sway --config /etc/sway/config"))
      (apply execl bash bash args)))

It works great, except that the script filename (/tmp/test-shell) has an
open file descriptor which leaks into the new process:

$ ls -l /proc/self/fd
lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9940/fd

$ /tmp/test-shell -c 'ls -l /proc/self/fd'
lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9951/fd
lr-x------ 1 marius marius 64 Mar 6 17:41 7 -> /tmp/test-shell

I've managed to work around it by setting FD_CLOEXEC on it:

(port-for-each
 (lambda (port)
   (let ((name (port-filename port))
         (self (car (program-arguments))))
     (when (and name (string=? name self))
       (fcntl port F_SETFD (logior FD_CLOEXEC
                                   (fcntl port F_GETFD)))))))

But it seems heavy-handed. Is there an easier way to access the "script
port"? Perhaps Guile itself should make it FD_CLOEXEC by default?