bug-gnulib

Re: purpose of *-safer?


From: Eric Blake
Subject: Re: purpose of *-safer?
Date: Tue, 25 Jul 2006 18:47:00 -0600
User-agent: Thunderbird 1.5.0.4 (Windows/20060516)


According to Bruno Haible on 7/25/2006 2:05 PM:
> Hi Paul,
> 
> When is it recommended to use these *-safer modules?
> 
> What I understand is: If one of the file descriptors 0, 1, 2 is
> closed at program startup, and if you later use open() or fopen(), it
> might be possible that printf or fprintf statements to stdout or stderr
> are directed into this completely unrelated file.
> 
> But when does this occur? Does 'sh' or 'bash' invoke programs in this
> state? Does Apache do so when running cgi-bin programs?

It can.  POSIX requires [n]>&- and [n]<&- redirection operators to close
the respective stream, even when n is 0, 1, or 2.  POSIX allows an
implementation to supply replacement file descriptors when exec'ing a
setuid or setgid program.  But in the normal case, implementations really
do allow you to start life with any of the three standard streams closed.

> 
> It is regarded as antisocial if a program starts another program with
> some file descriptors in O_NONBLOCK mode. Or when a program starts
> another program with a nonzero mask of ignored signals (sigprocmask).
> Isn't passing closed descriptors 0, 1, or 2, of the same category?

Yes, but that doesn't mean GNU programs can't be robust against it.

> 
> And wouldn't there be an easier workaround: At the beginning of main(),
> use fcntl() to determine whether 0,1,2 are closed, and if so, replace
> them with open("/dev/null") ?

Possibly.  And if we did, it would make more sense to open fd 0 as write
only and fd 1 as read only, to be more likely to catch attempts to use
these streams when the user intended them to be closed.  But it is nicer
to have the error message reflect the actual situation of EBADF.  And in
some cases, the fact that the stream is closed is harmless (such as
cp a b >&-, which produced no output).

> 
> Just asking because I'm wondering whether not using these modules
> in GNU gettext leads to bugs.

Possibly.  See my thread in m4 for the types of bugs I just fixed by using
the -safer modules.
http://lists.gnu.org/archive/html/bug-m4/2006-07/msg00021.html

--
Life is short - so eat dessert first!

Eric Blake             address@hidden
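The hazard discussed in this exchange (a closed 0/1/2 being handed back by open() so that stdio output lands in an unrelated file), together with both mitigations mentioned, the *-safer approach and Bruno's /dev/null fallback, as an added C illustration that is not part of this thread and not gnulib's code. open_safer_demo, fill_closed_std_fds and demo_closed_stdout are hypothetical names written for this example; /dev/null is used as the scratch file.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Hypothetical stand-in for gnulib's open_safer (not the gnulib code): like
   open(), but never returns 0, 1 or 2, so a stdio stream whose descriptor was
   closed at startup (`prog >&-`) cannot end up writing into this new file. */
static int open_safer_demo(const char *path, int flags, mode_t mode) {
    int fd = open(path, flags, mode);
    if (fd >= 0 && fd <= STDERR_FILENO) {
        int moved = fcntl(fd, F_DUPFD, STDERR_FILENO + 1); /* lowest fd >= 3 */
        int saved_errno = errno;
        close(fd);                 /* leave the standard slot closed (EBADF) */
        errno = saved_errno;
        fd = moved;
    }
    return fd;
}

/* Bruno's alternative: at the start of main(), detect closed 0/1/2 with
   fcntl(F_GETFD) == -1 && errno == EBADF and park them on /dev/null.
   Returns how many were closed, or -1 if open() did not land on fd. */
static int fill_closed_std_fds(void) {
    int filled = 0;
    for (int fd = STDIN_FILENO; fd <= STDERR_FILENO; fd++) {
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF) {
            int got = open("/dev/null", fd == STDIN_FILENO ? O_RDONLY : O_WRONLY);
            if (got != fd) { if (got >= 0) close(got); return -1; }
            filled++;
        }
    }
    return filled;
}

/* Simulate `prog >&-`: close stdout, compare plain open() with
   open_safer_demo(), run the /dev/null fill, then restore stdout. */
static int demo_closed_stdout(int *plain_fd, int *safer_fd, int *filled) {
    int saved = fcntl(STDOUT_FILENO, F_DUPFD, 3);      /* keep real stdout */
    if (saved < 0) return -1;
    close(STDOUT_FILENO);
    *plain_fd = open("/dev/null", O_WRONLY);           /* reuses fd 1 */
    if (*plain_fd >= 0) close(*plain_fd);
    *safer_fd = open_safer_demo("/dev/null", O_WRONLY, 0); /* gets fd >= 3 */
    if (*safer_fd >= 0) close(*safer_fd);
    *filled = fill_closed_std_fds();                   /* reopens fd 1 */
    dup2(saved, STDOUT_FILENO);
    close(saved);
    return 0;
}
```

With stdout closed, the plain open() comes back as a standard descriptor while the safer variant never does; the fill step then reports the closed descriptor it repaired.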
