[Haskell-cafe] Re: Bug in runInteractiveProcess?
simonmarhaskell at gmail.com
Wed Oct 17 04:35:44 EDT 2007
Donn Cave wrote:
> On Oct 16, 2007, at 9:52 PM, Brandon S. Allbery KF8NH wrote:
>> On Oct 17, 2007, at 0:39 , Donn Cave wrote:
>>> As for closing file descriptors explicitly - if I remember right what
>>> I've seen
>>> in the NetBSD source, the UNIX popen() implementation may years ago
>>> have closed all file descriptors, but now it keeps track of the ones
>>> it created,
>>> and only closes them. I think that's the way to go, if closing fds.
>> Either implementation causes problems; security folks tend to prefer
>> that all file descriptors other than 0-2 (0-4 on Windows?) be closed,
>> and 0-2(4) be forced open (on /dev/null if they're not already open).
>> But in this case, the idea is to set FD_CLOEXEC on (and only on) file
>> descriptors opened by the Haskell runtime, so you would get the same
>> effect as tracking file descriptors manually.
> I can't speak for security folks, but for me, the way you put it goes
> way too far.
> The file descriptors at issue were opened by runInteractiveProcess, and
> FD_CLOEXEC on them would solve the whole problem (I think.) Is that
> what you mean? To set this flag routinely on all file descriptors
> opened in
> any way would require a different justification, and it would have to be a
> pretty good one!
Setting FD_CLOEXEC on just the pipes created by runInteractiveProcess
sounds right to me.
Certainly we don't want to set the flag on *all* FDs created in Haskell, in
particular users of System.Posix.openFd probably want to choose whether
they set FD_CLOEXEC or not.
Would someone like to create a bug report?
More information about the Haskell-Cafe