[Haskell-cafe] Re: Bug in runInteractiveProcess?

Simon Marlow simonmarhaskell at gmail.com
Wed Oct 17 04:35:44 EDT 2007

Donn Cave wrote:
> On Oct 16, 2007, at 9:52 PM, Brandon S. Allbery KF8NH wrote:
>> On Oct 17, 2007, at 0:39 , Donn Cave wrote:
>> ...
>>> As for closing file descriptors explicitly - if I remember right what 
>>> I've seen
>>> in the NetBSD source, the UNIX popen() implementation may years ago
>>> have closed all file descriptors, but now it keeps track of the ones 
>>> it created,
>>> and only closes them.  I think that's the way to go, if closing fds.
>> Either implementation causes problems; security folks tend to prefer 
>> that all file descriptors other than 0-2 (0-4 on Windows?) be closed, 
>> and 0-2(4) be forced open (on /dev/null if they're not already open).  
>> But in this case, the idea is to set FD_CLOEXEC on (and only on) file 
>> descriptors opened by the Haskell runtime, so you would get the same 
>> effect as tracking file descriptors manually.
> I can't speak for security folks, but for me, the way you put it goes 
> way too far.
> The file descriptors at issue were opened by runInteractiveProcess, and
> FD_CLOEXEC on them would solve the whole problem (I think.)  Is that
> what you mean?  To set this flag routinely on all file descriptors 
> opened in
> any way would require a different justification, and it would have to be a
> pretty good one!

Setting FD_CLOEXEC on just the pipes created by runInteractiveProcess 
sounds right to me.

Certainly we don't want to set the flag on *all* FDs created in Haskell, in 
particular users of System.Posix.openFd probably want to choose whether 
they set FD_CLOEXEC or not.

Would someone like to create a bug report?


More information about the Haskell-Cafe mailing list