diff options
| author | Ori Bernstein <ori@eigenstate.org> | 2021-01-06 02:40:05 +0000 |
|---|---|---|
| committer | David du Colombier <0intro@gmail.com> | 2021-02-08 15:56:59 +0000 |
| commit | ed3e4afa12d655a0c5606bcf3dd4e1cdadcb1476 (patch) | |
| tree | ac0a65fe926482de0d455fc7ce1339f520fd381b | |
| parent | 724d0720b3e110f64598bf789cbe2a6a1b3b0fd8 (diff) | |
| download | go-ed3e4afa12d655a0c5606bcf3dd4e1cdadcb1476.tar.gz go-ed3e4afa12d655a0c5606bcf3dd4e1cdadcb1476.zip | |
syscall/plan9: remove spooky fd action at a distance
Change Plan 9 fork/exec to use the O_CLOEXEC file
descriptor, instead of relying on spooky at a
distance.
Historically, Plan 9 has set the O_CLOEXEC flag on
the underlying channels in the kernel, rather
than the file descriptors -- if two fds pointed
at a single channel, as with dup, changing the
flags on one of them would be observable on the
other.
The per-Chan semantics are ok, if unexpected,
when a chan is only handled within a single
process, but this isn't always the case.
Forked processes share Chans, but even more of
a problem is the interaction between /srv and
OCEXEC, which can lead to unexectedly closed
file descriptors in completely unrelated
proceses. For example:
func exists() bool {
// If some other thread execs here,
// we don't want to leak the fd, so
// open it O_CLOEXEC
fd := Open("/srv/foo", O_CLOEXEC)
if fd != -1 {
Close(fd)
return true
}
return false
}
would close the connection to any file descriptor
(maybe even for the root fs) in ALL other processes
that have it open if an exec were to happen(!),
which is quite undesriable.
As a result, 9front will be changing this behavior
for the next release.
Go is the only code observed so far that relies on
this behavior on purpose, and It's easy to make the
code work with both semantics: simply using the file
descriptor that was opened with O_CEXEC instead of
throwing it away.
So we do that here.
Fixes #43524
Change-Id: I4887f5c934a5e63e5e6c1bb59878a325abc928d3
GitHub-Last-Rev: 96bb21bd1e8f64dc7e082a56928748a7d54c9272
GitHub-Pull-Request: golang/go#43533
Reviewed-on: https://go-review.googlesource.com/c/go/+/281833
Reviewed-by: David du Colombier <0intro@gmail.com>
Reviewed-by: Richard Miller <millerresearch@gmail.com>
Reviewed-by: Jacob Moody <j4kem00dy@gmail.com>
Run-TryBot: David du Colombier <0intro@gmail.com>
Trust: Ian Lance Taylor <iant@golang.org>
| -rw-r--r-- | src/syscall/exec_plan9.go | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/syscall/exec_plan9.go b/src/syscall/exec_plan9.go index 47ccbdc384e..12c4237f69e 100644 --- a/src/syscall/exec_plan9.go +++ b/src/syscall/exec_plan9.go @@ -320,14 +320,15 @@ func cexecPipe(p []int) error { return e } - fd, e := Open("#d/"+itoa(p[1]), O_CLOEXEC) + fd, e := Open("#d/"+itoa(p[1]), O_RDWR|O_CLOEXEC) if e != nil { Close(p[0]) Close(p[1]) return e } - Close(fd) + Close(p[1]) + p[1] = fd return nil } |