mirror of
https://github.com/adulau/aha.git
synced 2025-01-03 22:53:18 +00:00
f23513e8d9
The problem is as follows: in multi-threaded code (or more correctly: all code using clone() with CLONE_FILES) we have a race when exec'ing. thread #1 thread #2 fd=open() fork + exec fcntl(fd,F_SETFD,FD_CLOEXEC) In some applications this can happen frequently. Take a web browser. One thread opens a file and another thread starts, say, an external PDF viewer. The result can even be a security issue if that open file descriptor refers to a sensitive file and the external program can somehow be tricked into using that descriptor. Just adding O_CLOEXEC support to open() doesn't solve the whole set of problems. There are other ways to create file descriptors (socket, epoll_create, Unix domain socket transfer, etc). These can and should be addressed separately though. open() is such an easy case that it makes not much sense putting the fix off. The test program: #include <errno.h> #include <fcntl.h> #include <stdio.h> #include <unistd.h> #ifndef O_CLOEXEC # define O_CLOEXEC 02000000 #endif int main (int argc, char *argv[]) { int fd; if (argc > 1) { fd = atol (argv[1]); printf ("child: fd = %d\n", fd); if (fcntl (fd, F_GETFD) == 0 || errno != EBADF) { puts ("file descriptor valid in child"); return 1; } return 0; } fd = open ("/proc/self/exe", O_RDONLY | O_CLOEXEC); printf ("in parent: new fd = %d\n", fd); char buf[20]; snprintf (buf, sizeof (buf), "%d", fd); execl ("/proc/self/exe", argv[0], buf, NULL); puts ("execl failed"); return 1; } [kyle@parisc-linux.org: parisc fix] Signed-off-by: Ulrich Drepper <drepper@redhat.com> Acked-by: Ingo Molnar <mingo@elte.hu> Cc: Davide Libenzi <davidel@xmailserver.org> Cc: Michael Kerrisk <mtk-manpages@gmx.net> Cc: Chris Zankel <chris@zankel.net> Signed-off-by: Kyle McMartin <kyle@parisc-linux.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
151 lines
3.3 KiB
C
151 lines
3.3 KiB
C
#ifndef _ASM_GENERIC_FCNTL_H
|
|
#define _ASM_GENERIC_FCNTL_H
|
|
|
|
#include <linux/types.h>
|
|
|
|
/* open/fcntl - O_SYNC is only implemented on blocks devices and on files
|
|
located on an ext2 file system */
|
|
#define O_ACCMODE 00000003
|
|
#define O_RDONLY 00000000
|
|
#define O_WRONLY 00000001
|
|
#define O_RDWR 00000002
|
|
#ifndef O_CREAT
|
|
#define O_CREAT 00000100 /* not fcntl */
|
|
#endif
|
|
#ifndef O_EXCL
|
|
#define O_EXCL 00000200 /* not fcntl */
|
|
#endif
|
|
#ifndef O_NOCTTY
|
|
#define O_NOCTTY 00000400 /* not fcntl */
|
|
#endif
|
|
#ifndef O_TRUNC
|
|
#define O_TRUNC 00001000 /* not fcntl */
|
|
#endif
|
|
#ifndef O_APPEND
|
|
#define O_APPEND 00002000
|
|
#endif
|
|
#ifndef O_NONBLOCK
|
|
#define O_NONBLOCK 00004000
|
|
#endif
|
|
#ifndef O_SYNC
|
|
#define O_SYNC 00010000
|
|
#endif
|
|
#ifndef FASYNC
|
|
#define FASYNC 00020000 /* fcntl, for BSD compatibility */
|
|
#endif
|
|
#ifndef O_DIRECT
|
|
#define O_DIRECT 00040000 /* direct disk access hint */
|
|
#endif
|
|
#ifndef O_LARGEFILE
|
|
#define O_LARGEFILE 00100000
|
|
#endif
|
|
#ifndef O_DIRECTORY
|
|
#define O_DIRECTORY 00200000 /* must be a directory */
|
|
#endif
|
|
#ifndef O_NOFOLLOW
|
|
#define O_NOFOLLOW 00400000 /* don't follow links */
|
|
#endif
|
|
#ifndef O_NOATIME
|
|
#define O_NOATIME 01000000
|
|
#endif
|
|
#ifndef O_CLOEXEC
|
|
#define O_CLOEXEC 02000000 /* set close_on_exec */
|
|
#endif
|
|
#ifndef O_NDELAY
|
|
#define O_NDELAY O_NONBLOCK
|
|
#endif
|
|
|
|
#define F_DUPFD 0 /* dup */
|
|
#define F_GETFD 1 /* get close_on_exec */
|
|
#define F_SETFD 2 /* set/clear close_on_exec */
|
|
#define F_GETFL 3 /* get file->f_flags */
|
|
#define F_SETFL 4 /* set file->f_flags */
|
|
#ifndef F_GETLK
|
|
#define F_GETLK 5
|
|
#define F_SETLK 6
|
|
#define F_SETLKW 7
|
|
#endif
|
|
#ifndef F_SETOWN
|
|
#define F_SETOWN 8 /* for sockets. */
|
|
#define F_GETOWN 9 /* for sockets. */
|
|
#endif
|
|
#ifndef F_SETSIG
|
|
#define F_SETSIG 10 /* for sockets. */
|
|
#define F_GETSIG 11 /* for sockets. */
|
|
#endif
|
|
|
|
/* for F_[GET|SET]FL */
|
|
#define FD_CLOEXEC 1 /* actually anything with low bit set goes */
|
|
|
|
/* for posix fcntl() and lockf() */
|
|
#ifndef F_RDLCK
|
|
#define F_RDLCK 0
|
|
#define F_WRLCK 1
|
|
#define F_UNLCK 2
|
|
#endif
|
|
|
|
/* for old implementation of bsd flock () */
|
|
#ifndef F_EXLCK
|
|
#define F_EXLCK 4 /* or 3 */
|
|
#define F_SHLCK 8 /* or 4 */
|
|
#endif
|
|
|
|
/* for leases */
|
|
#ifndef F_INPROGRESS
|
|
#define F_INPROGRESS 16
|
|
#endif
|
|
|
|
/* operations for bsd flock(), also used by the kernel implementation */
|
|
#define LOCK_SH 1 /* shared lock */
|
|
#define LOCK_EX 2 /* exclusive lock */
|
|
#define LOCK_NB 4 /* or'd with one of the above to prevent
|
|
blocking */
|
|
#define LOCK_UN 8 /* remove lock */
|
|
|
|
#define LOCK_MAND 32 /* This is a mandatory flock ... */
|
|
#define LOCK_READ 64 /* which allows concurrent read operations */
|
|
#define LOCK_WRITE 128 /* which allows concurrent write operations */
|
|
#define LOCK_RW 192 /* which allows concurrent read & write ops */
|
|
|
|
#define F_LINUX_SPECIFIC_BASE 1024
|
|
|
|
#ifndef HAVE_ARCH_STRUCT_FLOCK
|
|
#ifndef __ARCH_FLOCK_PAD
|
|
#define __ARCH_FLOCK_PAD
|
|
#endif
|
|
|
|
struct flock {
|
|
short l_type;
|
|
short l_whence;
|
|
off_t l_start;
|
|
off_t l_len;
|
|
pid_t l_pid;
|
|
__ARCH_FLOCK_PAD
|
|
};
|
|
#endif
|
|
|
|
#ifndef CONFIG_64BIT
|
|
|
|
#ifndef F_GETLK64
|
|
#define F_GETLK64 12 /* using 'struct flock64' */
|
|
#define F_SETLK64 13
|
|
#define F_SETLKW64 14
|
|
#endif
|
|
|
|
#ifndef HAVE_ARCH_STRUCT_FLOCK64
|
|
#ifndef __ARCH_FLOCK64_PAD
|
|
#define __ARCH_FLOCK64_PAD
|
|
#endif
|
|
|
|
struct flock64 {
|
|
short l_type;
|
|
short l_whence;
|
|
loff_t l_start;
|
|
loff_t l_len;
|
|
pid_t l_pid;
|
|
__ARCH_FLOCK64_PAD
|
|
};
|
|
#endif
|
|
#endif /* !CONFIG_64BIT */
|
|
|
|
#endif /* _ASM_GENERIC_FCNTL_H */
|