
New system calls: pidfd_open() and close_range()

Posted May 30, 2019 12:26 UTC (Thu) by roc (subscriber, #30627)
In reply to: New system calls: pidfd_open() and close_range() by sbaugh
Parent article: New system calls: pidfd_open() and close_range()

> They can close file descriptors once at startup and thereafter make sure to use CLOEXEC to prevent file descriptor leakage. That works fine and doesn't encourage bad practices in the rest of userspace. But more generally...

That would mean a bug in a third-party library that creates a non-CLOEXEC file descriptor, even for a moment, creates a security hole for the sandbox. That's not really acceptable.

> If we shouldn't clear the environment before running the program, then we shouldn't close all file descriptors before running it.

I don't buy that argument. Reading the environment can't usually affect other processes. Reading or writing leaked file descriptors can, sometimes in very subtle ways.
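As an added example (not code from the comment thread or the article), here is the scenario roc describes, run as a small experiment: a library opens a pipe without CLOEXEC, and a child forked to launch a sandboxed program inherits it unless the launcher explicitly closes every descriptor from 3 upwards before exec. The function and policy names are assumed for this illustration; close_range() is used when the running kernel provides it and a bounded close() loop otherwise.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
enum { POLICY_CLOEXEC_ONLY = 0, POLICY_CLOSE_ALL = 1 };   /* assumed names */

/* Close every fd >= 3 between fork() and exec(): close_range() if available, else a loop. */
static void close_all_from_3(void)
{
#ifdef SYS_close_range
    if (syscall(SYS_close_range, 3L, (long)~0u, 0L) == 0)
        return;
#endif
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536) max = 65536;   /* keep the fallback scan bounded */
    for (long fd = 3; fd < max; fd++)
        close((int)fd);
}

/* Count descriptors still open and lacking FD_CLOEXEC, i.e. ones exec() would pass on. */
static int exec_survivors(const int *fds, int n)
{
    int count = 0;
    for (int i = 0; i < n; i++) {
        int flags = fcntl(fds[i], F_GETFD);
        if (flags != -1 && !(flags & FD_CLOEXEC))
            count++;
    }
    return count;
}

/* Constructed scenario: one "library" pipe forgets O_CLOEXEC, another sets it.
 * Fork, apply the policy in the child, and report how many of the four fds leak. */
int leaked_fd_survivors(int policy)
{
    int leaky[2], careful[2];
    if (pipe(leaky) != 0 || pipe2(careful, O_CLOEXEC) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (policy == POLICY_CLOSE_ALL) close_all_from_3();
        int fds[4] = { leaky[0], leaky[1], careful[0], careful[1] };
        _exit(exec_survivors(fds, 4));          /* child reports the count via exit status */
    }
    int status = 0, rc = -1;
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        rc = WEXITSTATUS(status);               /* 2 with CLOEXEC only, 0 after close-all */
    close(leaky[0]); close(leaky[1]); close(careful[0]); close(careful[1]);
    return rc;
}
```

With the CLOEXEC-only policy both ends of the carelessly opened pipe survive into the child, which is exactly the leak the comment warns a sandbox cannot tolerate; the close-everything step removes them regardless of what any library did.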



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds