[Haskell-cafe] Discussion: The CLOEXEC problem

Mike Meyer mwm at mired.org
Sat Jul 25 19:32:45 UTC 2015


While this discussion has been about the programming errors that result
from leaked file descriptors, can I point out what I think is a more
important issue?

A leaked file descriptor is a potential security hole. If you want your
code to be secure - and in this age of internet-based applications built by
plugging things together, that should always be the case - you want bugs
from not dealing with an access issue to result in a permission denied
error, not someone being able to read stuff they shouldn't.

So while we can't fix all the holes related to this issue or the larger
issues related to forking a threaded program, changing the default to
automatically close things will result in improving the security of haskell
programs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20150725/48c6f548/attachment.html>


More information about the Haskell-Cafe mailing list