[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Descriptor leak
|
From: |
Chet Ramey |
|
Subject: |
Re: Descriptor leak |
|
Date: |
Fri, 21 Nov 2008 14:41:42 -0500 |
|
User-agent: |
Thunderbird 2.0.0.17 (Macintosh/20080914) |
schwab@suse.de wrote:
> Bash Version: 3.2
> Patch Level: 39
> Release Status: release
>
> Description:
> Bash leaks a descriptor to its children when executing a brace
> enclosed compound list with a redirection that closes a
> non-standard descriptor.
>
> Repeat-By:
> $ exec 4>&1
> $ { /bin/ls /proc/self/fd/*; } 4<&-
> /bin/ls: cannot access /proc/self/fd/255: No such file or directory
> /bin/ls: cannot access /proc/self/fd/3: No such file or directory
> /proc/self/fd/0 /proc/self/fd/1 /proc/self/fd/10 /proc/self/fd/2
>
> /proc/self/fd/10 should not be open in the child.
Here is the relevant comment from redir.c:
/* File descriptors used only for saving others should always be
marked close-on-exec. Unfortunately, we have to preserve the
close-on-exec state of the file descriptor we are saving, since
fcntl (F_DUPFD) sets the new file descriptor to remain open
across execs. If, however, the file descriptor whose state we
are saving is <= 2, we can just set the close-on-exec flag,
because file descriptors 0-2 should always be open-on-exec,
and the restore above in do_redirection() will take care of it. */
Right now, a file descriptor used to save the state of another is saved
as an exact copy of it. Bash doesn't use any flags or heuristics other
than those mentioned in the comment to save state -- if the descriptor
being saved is > 2, the descriptor used to save has to preserve it exactly,
including the state of the close-on-exec flag.
There might be other ways to do it, but this is what we have right now.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/