* Preventing file descriptor leak to execl'd processes
@ 2021-03-06 16:55 Marius Bakke
2021-03-06 18:04 ` Maxime Devos
2021-03-12 21:22 ` Andy Wingo
0 siblings, 2 replies; 3+ messages in thread
From: Marius Bakke @ 2021-03-06 16:55 UTC (permalink / raw)
To: guile-devel
[-- Attachment #1: Type: text/plain, Size: 2169 bytes --]
Hello Guilers,
I recently had the insa^W bright idea of making my login shell a Guile
script instead of fiddling so much with bashrc and the likes.
For example, here is how I start my window manager when logging into
TTY2 or TTY3:
$ cat /tmp/test-shell
#!/gnu/store/18hp7flyb3yid3yp49i6qcdq0sbi5l1n-guile-3.0.2/bin/guile --no-auto-compile
!#
(let ((bash "/gnu/store/87kif0bpf0anwbsaw0jvg8fyciw4sz67-bash-5.0.16/bin/bash")
(sway "/gnu/store/9zffdhn3yrfim36ya1g0dwbj012pjk2p-sway-1.5.1/bin/sway")
(tty (readlink "/proc/self/fd/0"))
(args (cdr (program-arguments))))
(if (and (string-prefix? "/dev/tty" tty)
(or (string-suffix? "2" tty) (string-suffix? "3" tty))
(not (getenv "DISPLAY")))
(execl bash bash "--login" "-c"
(string-append "exec sway --config /etc/sway/config"))
(apply execl bash bash args)))
It works great, except that the script filename (/tmp/test-shell) has
an open file descriptor which leaks into the new process:
$ ls -l /proc/self/fd
lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9940/fd
$ /tmp/test-shell -c 'ls -l /proc/self/fd'
lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9951/fd
lr-x------ 1 marius marius 64 Mar 6 17:41 7 -> /tmp/test-shell
I've managed to work around it by setting FD_CLOEXEC on it:
(port-for-each (lambda (port)
(let ((name (port-filename port))
(self (car (program-arguments))))
(when (and name (string=? name self))
(fcntl port F_SETFD (logior FD_CLOEXEC
(fcntl port F_GETFD)))))))
But it seems heavy-handed. Is there an easier way to access the "script
port"? Perhaps Guile itself should make it FD_CLOEXEC by default?
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Preventing file descriptor leak to execl'd processes
2021-03-06 16:55 Preventing file descriptor leak to execl'd processes Marius Bakke
@ 2021-03-06 18:04 ` Maxime Devos
2021-03-12 21:22 ` Andy Wingo
1 sibling, 0 replies; 3+ messages in thread
From: Maxime Devos @ 2021-03-06 18:04 UTC (permalink / raw)
To: Marius Bakke, guile-devel
[-- Attachment #1.1: Type: text/plain, Size: 665 bytes --]
On Sat, 2021-03-06 at 17:55 +0100, Marius Bakke wrote:
> Hello Guilers,
>
> [...]
>
> It works great, except that the script filename (/tmp/test-shell) has
> an open file descriptor which leaks into the new process:
>
> [...]
>
> I've managed to work around it by setting FD_CLOEXEC on it:
>
> [code using port-for-each and port-filename]
>
> But it seems heavy-handed. Is there an easier way to access the "script
> port"? Perhaps Guile itself should make it FD_CLOEXEC by default?
Easy way to access the ‘script port’: the Scheme procedure current-load-port.
Take a look at the output of the attached script.
Greetings,
Maxime
[-- Attachment #1.2: Type: text/x-scheme, Size: 423 bytes --]
#!/gnu/store/m5iprcg6pb5ch86r9agmqwd8v6kp7999-guile-3.0.5/bin/guile --no-auto-compile
!#
(eval-when (expand)
(pk 'expand (current-load-port) (fileno (current-load-port))))
(eval-when (load)
(pk 'load (current-load-port) (fileno (current-load-port))))
(eval-when (eval)
(pk 'eval (current-load-port) (fileno (current-load-port))))
(eval-when (compile)
(pk 'compile (current-load-port) (fileno (current-load-port))))
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 260 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: Preventing file descriptor leak to execl'd processes
2021-03-06 16:55 Preventing file descriptor leak to execl'd processes Marius Bakke
2021-03-06 18:04 ` Maxime Devos
@ 2021-03-12 21:22 ` Andy Wingo
1 sibling, 0 replies; 3+ messages in thread
From: Andy Wingo @ 2021-03-12 21:22 UTC (permalink / raw)
To: Marius Bakke; +Cc: guile-devel
On Sat 06 Mar 2021 17:55, Marius Bakke <marius@gnu.org> writes:
> $ ls -l /proc/self/fd
> lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
> lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9940/fd
>
> $ /tmp/test-shell -c 'ls -l /proc/self/fd'
> lrwx------ 1 marius marius 64 Mar 6 17:41 0 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar 6 17:41 1 -> /dev/pts/18
> lrwx------ 1 marius marius 64 Mar 6 17:41 2 -> /dev/pts/18
> lr-x------ 1 marius marius 64 Mar 6 17:41 3 -> /proc/9951/fd
> lr-x------ 1 marius marius 64 Mar 6 17:41 7 -> /tmp/test-shell
>
> I've managed to work around it by setting FD_CLOEXEC on it:
>
> (port-for-each (lambda (port)
> (let ((name (port-filename port))
> (self (car (program-arguments))))
> (when (and name (string=? name self))
> (fcntl port F_SETFD (logior FD_CLOEXEC
> (fcntl port F_GETFD)))))))
>
> But it seems heavy-handed. Is there an easier way to access the "script
> port"? Perhaps Guile itself should make it FD_CLOEXEC by default?
I think Guile itself should make the load port FD_CLOEXEC / O_CLOEXEC.
More broadly there are a number of file descriptors in Guile that should
be cloexec but aren't yet. Want to make a patch for the load port ? :)
Andy
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-03-12 21:22 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-06 16:55 Preventing file descriptor leak to execl'd processes Marius Bakke
2021-03-06 18:04 ` Maxime Devos
2021-03-12 21:22 ` Andy Wingo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).