Skip to content
Snippets Groups Projects
Unverified Commit 6ff13185 authored by Michael Snoyman's avatar Michael Snoyman Committed by GitHub
Browse files

Merge pull request #288 from bgamari/wip/T287 

cbits/fork_exec: Eliminate potential leakage of comm. pipes
parents a8ef7993 152535e4
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
cbits/posix/fork_exec.c
+ 15
9
View file @ 6ff13185
/* ensure that execvpe is provided if possible */ /* Ensure that execvpe and pipe2 are provided if possible */
#define _GNU_SOURCE 1 #define _GNU_SOURCE 1
/* Ensure getpwuid_r(3) is available on Solaris. */ /* Ensure getpwuid_r(3) is available on Solaris. */
...@@ -31,10 +31,7 @@ ...@@ -31,10 +31,7 @@
#include <Rts.h> #include <Rts.h>
#if defined(HAVE_WORKING_FORK) #if !defined(HAVE_WORKING_FORK)
#define myfork fork
// We don't need a fork command on Windows
#else
#error Cannot find a working fork command #error Cannot find a working fork command
#endif #endif
...@@ -101,8 +98,11 @@ setup_std_handle_fork(int fd, ...@@ -101,8 +98,11 @@ setup_std_handle_fork(int fd,
} }
} }
/* We must ensure that the fork communications pipe does not inhabit fds 0 /* This will `dup` the given fd such that it does not fall in the range of
* through 2 since we will need to manipulate these fds in * stdin/stdout/stderr, if necessary. The new handle will have O_CLOEXEC.
*
* This is necessary as we must ensure that the fork communications pipe does
* not inhabit fds 0 through 2 since we will need to manipulate these fds in
* setup_std_handle_fork while keeping the pipe available so that it can report * setup_std_handle_fork while keeping the pipe available so that it can report
* errors. See #266. * errors. See #266.
*/ */
...@@ -111,7 +111,7 @@ int unshadow_pipe_fd(int fd, char **failed_doing) { ...@@ -111,7 +111,7 @@ int unshadow_pipe_fd(int fd, char **failed_doing) {
return fd; return fd;
} }
int new_fd = fcntl(fd, F_DUPFD, 3); int new_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3);
if (new_fd == -1) { if (new_fd == -1) {
*failed_doing = "fcntl(F_DUP_FD)"; *failed_doing = "fcntl(F_DUP_FD)";
return -1; return -1;
...@@ -132,7 +132,13 @@ do_spawn_fork (char *const args[], ...@@ -132,7 +132,13 @@ do_spawn_fork (char *const args[],
char **failed_doing) char **failed_doing)
{ {
int forkCommunicationFds[2]; int forkCommunicationFds[2];
int r = pipe(forkCommunicationFds); int r;
#if defined(HAVE_PIPE2)
r = pipe2(forkCommunicationFds, O_CLOEXEC);
#else
r = pipe(forkCommunicationFds);
#endif
if (r == -1) { if (r == -1) {
*failed_doing = "pipe"; *failed_doing = "pipe";
return -1; return -1;
......
configure.ac
+ 5
0
View file @ 6ff13185
...@@ -15,6 +15,11 @@ AC_CHECK_HEADERS([signal.h sys/wait.h fcntl.h]) ...@@ -15,6 +15,11 @@ AC_CHECK_HEADERS([signal.h sys/wait.h fcntl.h])
AC_CHECK_FUNCS([setitimer sysconf]) AC_CHECK_FUNCS([setitimer sysconf])
AC_CHECK_FUNCS([execvpe]) AC_CHECK_FUNCS([execvpe])
AC_CHECK_FUNCS([pipe2],[],[],[
#define _GNU_SOURCE
#include <unistd.h>
#include <fcntl.h>
])
# posix_spawn checks # posix_spawn checks
AC_CHECK_HEADERS([spawn.h]) AC_CHECK_HEADERS([spawn.h])
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment