Message-ID: <42480A44-88E5-490B-8780-F8ABB4E01B88@mit.edu>
From: Ken Raeburn
To: krb5-bugs@MIT.EDU
Subject: better handling of close-on-exec race
Date: Tue, 5 Aug 2008 03:52:53 -0400
References: <1217894326.4199.43.camel@naomi.s4.naomi.abartlet.net>

Newer Linux kernels (and I guess glibc versions) are getting support for having new file descriptors have the close-on-exec flag set from the start, eliminating the race condition.
We probably want a similar fix -- wrappers for open, fopen, accept, and so on, that use these hooks if present, and otherwise perform the traditional operation and then set close-on-exec as quickly as possible.

Begin forwarded message:

> From: Andrew Bartlett
> Date: August 4, 2008 19:58:46 EDT
> To: Love Hörnquist Åstrand
> Cc: heimdal-discuss
> Subject: Re: [Heimdal-source-changes] heimdal r23441 - trunk/heimdal/lib/roken
> Reply-To: heimdal-discuss@sics.se, Andrew Bartlett
>
> On Mon, 2008-07-28 at 08:26 +0100, Love Hörnquist Åstrand wrote:
>> On 28 Jul 2008, at 01:15, Andrew Bartlett wrote:
>>
>>> On Sun, 2008-07-27 at 14:05 +0200, lha@it.su.se wrote:
>>>> Author: lha
>>>> Name: Love Hörnquist Åstrand
>>>> Date: 2008-07-27 14:05:11 +0200 (Sun, 27 Jul 2008)
>>>> Repository: heimdal
>>>> Repository Path: /afs/su.se/services/svn/heimdal
>>>> New Revision: 23441
>>>>
>>>> Added:
>>>>    trunk/heimdal/lib/roken/cloexec.c
>>>> Log:
>>>> Wrapper function for close on exec().
>>>
>>> Is this really the right way to do this?
>>>
>>> Given that recent Linux has a completely race-free way of handling this,
>>> shouldn't this be added to a roken version of open(), emulated on other
>>> systems?
>>
>> We need to do it for socket/fopen/opendir too, and I'd rather not
>> sprinkle those 5 lines all over the place.
>>
>> That said, we should pass in O_CLOEXEC to open(2) calls too (just like
>> we do with O_BINARY).
>>
>> Thanks for pointing O_CLOEXEC out, I had totally missed that.
>
> Just to keep you busy, this should summarise all the calls and the way
> they have been adjusted to avoid this race:
>
> http://udrepper.livejournal.com/20407.html
>
> Andrew Bartlett
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.
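One way to write the wrappers this message asks for, as an added example that is not code from MIT krb5 or Heimdal; the helper names `open_cloexec`, `socket_cloexec`, `ensure_cloexec` and `fd_is_cloexec` are hypothetical. It covers open and socket only: the flag is requested atomically where the headers define `O_CLOEXEC` / `SOCK_CLOEXEC`, and otherwise set with `fcntl` immediately after creation.

```c
/* Added example; helper names are hypothetical, not krb5 or Heimdal code. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE   /* expose O_CLOEXEC / SOCK_CLOEXEC on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 if FD_CLOEXEC is set on fd, 0 if not, -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags == -1 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Traditional path: set the flag after creation. A fork()+exec() in another
 * thread can still run before this call; the atomic flags remove that window. */
static int ensure_cloexec(int fd)
{
    int flags;
    if (fd == -1) return -1;                 /* creation failed, errno intact */
    flags = fcntl(fd, F_GETFD);
    if (flags != -1 && (flags & FD_CLOEXEC)) return fd;  /* set atomically */
    if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
        int saved = errno;
        close(fd);                           /* never return an inheritable fd */
        errno = saved;
        return -1;
    }
    return fd;
}

int open_cloexec(const char *path, int flags, mode_t mode)
{
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;   /* older Linux kernels ignore unknown open flags */
#endif
    return ensure_cloexec(open(path, flags, mode));
}

int socket_cloexec(int domain, int type, int protocol)
{
#ifdef SOCK_CLOEXEC
    int fd = socket(domain, type | SOCK_CLOEXEC, protocol);
    if (fd != -1 || errno != EINVAL)         /* EINVAL: flag not understood */
        return ensure_cloexec(fd);
#endif
    return ensure_cloexec(socket(domain, type, protocol));
}
```

Checking the flag after an atomic request costs one extra `fcntl` call and covers a kernel that accepted the call without honouring the flag.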