Set close-on-exec flagas to avoid FD leaks to subprocesses #220
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There is no use case in which one would need to share libdill's epoll file descriptor with a child process. Even if it was innocuous, it makes automated checking difficult as one has to consider this special case. Since libdill does not provide access to the internal epoll fd, the only way to fix this is to change the source code itself.
This is necessary to avoid leaking file descriptors to child processes. The implementation tries to use accept4 when available, since that sets the flag atomically with the creation of the connected socket, and falls back to accept()+fcntl if not.
The IPC and TPC subsystems call dill_fd_own which does not preserve the file descriptor flags. This means that even if the user creates the sockets with the proper flags, when they use "fromfd" the file descriptors will still be leaked to child processes. The implementation tries to use F_DUPFD_CLOEXEC if available.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
These fixes prevent file descriptor leaks in my application. There may still be other potential leak sources in functions that my application does not use.
I tried to implement
accept()usingaccept4()if it is available since that avoids a potential race condition. Same withfcntl(n,F_DUPFD_CLOEXEC,0)instead ofdup().