Bug 1254033

Summary: Chapter 9.2 advice on using /proc/self/fd to close file descriptors before execve is dangerously wrong
Product: [Fedora] Fedora Documentation Reporter: Steven Stewart-Gallus <sstewartgallus00>
Component: defensive-coding-guideAssignee: Florian Weimer <fweimer>
Status: CLOSED EOL QA Contact: Fedora Docs QA <docs-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: develCC: fweimer
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-07 15:30:19 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Steven Stewart-Gallus 2015-08-17 00:35:21 UTC 
Description of problem:

The documentation advises to open /proc/self/fd after forking and close the file descriptor entries found in there before calling execve. However, in a multi-threaded environment many memory allocators may deadlock after fork (opendir, and readdir may allocate memory.) As well, most commonly programmers implement this by looping over /proc/self/fd while closing file descriptors which is unsafe because it is like looping over a list while removing entries from it at the same time. Instead, one should set the close on execute bit on these file descriptors when looping over the directory entries (probably using the FIONCLEX ioctl for speed.)
Comment 1 Petr Bokoc 2019-11-07 15:30:19 UTC 
I'm closing this bug as part of a Bugzilla cleanup effort. The most likely reason is that the bug has been opened either against a component we no longer publish, or against Release Notes for an EOL release.