From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Andy Wingo <wingo@pobox.com>
Newsgroups: gmane.lisp.guile.devel
Subject: Re: Preventing file descriptor leak to execl'd processes
Date: Fri, 12 Mar 2021 22:22:59 +0100
Message-ID: <87wnucxe18.fsf@pobox.com>
References: <87czwc5ijd.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="2311"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cc: guile-devel <guile-devel@gnu.org>
To: Marius Bakke <marius@gnu.org>
Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Fri Mar 12 22:23:35 2021
Return-path: <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>
Envelope-to: guile-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>)
	id 1lKpFr-0000Le-Te
	for guile-devel@m.gmane-mx.org; Fri, 12 Mar 2021 22:23:31 +0100
Original-Received: from localhost ([::1]:40286 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>)
	id 1lKpFq-00045t-VI
	for guile-devel@m.gmane-mx.org; Fri, 12 Mar 2021 16:23:30 -0500
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37422)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <wingo@pobox.com>) id 1lKpFb-00045m-Jw
 for guile-devel@gnu.org; Fri, 12 Mar 2021 16:23:15 -0500
Original-Received: from fanzine.igalia.com ([178.60.130.6]:38775)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <wingo@pobox.com>)
 id 1lKpFZ-0007Wt-58; Fri, 12 Mar 2021 16:23:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=igalia.com;
 s=20170329; 
 h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date:References:Subject:Cc:To:From;
 bh=Lv1+KdrLC9YTXlAioM+y38vvqdgmGqpNG/2tDfGGelo=; 
 b=BLzSaYV+moXrWzwTVqdte8j2J3lGcZgFbaMGSe6px8t43HPAtE2JryejCXvesyu7E9I9Kgq8MEwZdMSfCItq8dw4vZY5ZkerzjbclgyjnyBMzwVy6d0nh8rsA1Mo1ftkXww7D7p/75/FF88odyvTv40C/krrIfc9fMgeuDYrTdzmnpQgQsd0s+GWD14+zLvRDBbrwnd1XwnRPBlAwlnfg+Mi5Iwo3/SbgjlGUSkce64m4rTfsf5qhCmzSys+y02PzCTIykGFqNcCci6dgobXxBBn1mieYGJW2QxSaxjGPhbpELU2wORlWhP+NoympRpH0c5btiSJZCCSeKr6/iDKrg==;
Original-Received: from 82-65-63-215.subs.proxad.net ([82.65.63.215] helo=sparrow)
 by fanzine.igalia.com with esmtpsa 
 (Cipher TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim)
 id 1lKpFV-00055l-Gb; Fri, 12 Mar 2021 22:23:09 +0100
In-Reply-To: <87czwc5ijd.fsf@gnu.org> (Marius Bakke's message of "Sat, 06 Mar
 2021 17:55:02 +0100")
Received-SPF: neutral client-ip=178.60.130.6; envelope-from=wingo@pobox.com;
 helo=fanzine.igalia.com
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, SPF_HELO_NONE=0.001,
 SPF_NEUTRAL=0.779 autolearn=no autolearn_force=no
X-Spam_action: no action
X-BeenThere: guile-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Developers list for Guile,
 the GNU extensibility library" <guile-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guile-devel>,
 <mailto:guile-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guile-devel>
List-Post: <mailto:guile-devel@gnu.org>
List-Help: <mailto:guile-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guile-devel>,
 <mailto:guile-devel-request@gnu.org?subject=subscribe>
Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org
Original-Sender: "guile-devel" <guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.lisp.guile.devel:20705
Archived-At: <http://permalink.gmane.org/gmane.lisp.guile.devel/20705>

On Sat 06 Mar 2021 17:55, Marius Bakke <marius@gnu.org> writes:

> $ ls -l /proc/self/fd
> lrwx------ 1 marius marius 64 Mar  6 17:41 0 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar  6 17:41 1 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar  6 17:41 2 -> /dev/pts/18
> lr-x------ 1 marius marius 64 Mar  6 17:41 3 -> /proc/9940/fd
>
> $ /tmp/test-shell -c 'ls -l /proc/self/fd'
> lrwx------ 1 marius marius 64 Mar  6 17:41 0 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar  6 17:41 1 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar  6 17:41 2 -> /dev/pts/18
> lr-x------ 1 marius marius 64 Mar  6 17:41 3 -> /proc/9951/fd
> lr-x------ 1 marius marius 64 Mar  6 17:41 7 -> /tmp/test-shell
>
> I've managed to work around it by setting FD_CLOEXEC on it:
>
>   (port-for-each (lambda (port)
>                    (let ((name (port-filename port))
>                          (self (car (program-arguments))))
>                      (when (and name (string=? name self))
>                        (fcntl port F_SETFD (logior FD_CLOEXEC
>                                                    (fcntl port F_GETFD)))))))
>
> But it seems heavy-handed.  Is there an easier way to access the "script
> port"?  Perhaps Guile itself should make it FD_CLOEXEC by default?

I think Guile itself should make the load port FD_CLOEXEC / O_CLOEXEC.
More broadly there are a number of file descriptors in Guile that should
be cloexec but aren't yet.  Want to make a patch for the load port ? :)

Andy