Bug 1254033 - Chapter 9.2 advice on using /proc/self/fd to close file descriptors before execve is dangerously wrong
Chapter 9.2 advice on using /proc/self/fd to close file descriptors before ex...
Status: NEW
Product: Fedora Documentation
Classification: Fedora
Component: defensive-coding-guide (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Florian Weimer
Fedora Docs QA
Depends On:
  Show dependency treegraph
Reported: 2015-08-16 20:35 EDT by Steven Stewart-Gallus
Modified: 2015-08-16 20:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Steven Stewart-Gallus 2015-08-16 20:35:21 EDT
Description of problem:

The documentation advises to open /proc/self/fd after forking and close the file descriptor entries found in there before calling execve. However, in a multi-threaded environment many memory allocators may deadlock after fork (opendir, and readdir may allocate memory.) As well, most commonly programmers implement this by looping over /proc/self/fd while closing file descriptors which is unsafe because it is like looping over a list while removing entries from it at the same time. Instead, one should set the close on execute bit on these file descriptors when looping over the directory entries (probably using the FIONCLEX ioctl for speed.)

Note You need to log in before you can comment on or make changes to this bug.