Re: [Help-bash] Prevent file descriptor inheritance

From: Eric Blake
Subject: Re: [Help-bash] Prevent file descriptor inheritance
Date: Wed, 8 Aug 2018 07:39:58 -0500
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 08/08/2018 01:40 AM, R. Diez wrote:
> Hi all:
>
> Is there any way to prevent file descriptor inheritance? I mean the "close on exec" flag O_CLOEXEC or FD_CLOEXEC.
>
> I wonder about the security implications. If a shell script opens a "secret" file, and runs an external command, that command will have direct access to the file.

How did you open the "secret" file? If you are managing the fd yourself, it's simply a matter of closing it yourself before starting any command where you don't want it leaked, such as:

exec 3< mysecret
command_allowed_to_use_it_via_stdin <&3
command_forbidden_to_use 3<&-

Yeah, it's a bit of a pain that you can't specify O_CLOEXEC, but have to track things yourself. On the other hand, O_CLOEXEC was added because of multithreaded apps (where you absolutely need an atomic way to ensure an fd opened in your thread of control is not leaked by a fork()/exec() in a parallel thread of control). But the shell is single-threaded, and therefore you don't have the risk of any other thread fork()ing (and thus leaking your fd) outside of your thread of control. So you are always able to manually manipulate fds without worrying about the race that O_CLOEXEC was meant to solve.

Eric Blake, Principal Software Engineer
Red Hat, Inc.           +1-919-301-3266
Virtualization: |
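
Added example, not part of the original message: a POSIX shell script that checks, from inside a child process, whether fd 3 was inherited under each redirection form discussed above. The function names, the probe and the sample "secret" file are constructed for illustration. It also covers a case beyond the message's snippet: `<&3` alone duplicates fd 3 onto stdin but leaves fd 3 itself open in the child.

```shell
#!/bin/sh
# Added example: which child processes inherit a file the script holds on fd 3.
# The "secret" below is constructed sample data in a temporary directory.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
printf 'constructed-sample-secret\n' > "$workdir/mysecret"

# Runs inside the child: report what arrived on stdin and whether fd 3 is open.
probe='stdin=$(cat)
if ( true <&3 ) 2>/dev/null; then s=open; else s=closed; fi
echo "stdin=[$stdin] fd3=$s"'

# Each function body is a subshell, so "exec 3<" does not leak into the caller.

# No precaution: the child inherits fd 3.
leaked() (
    exec 3< "$workdir/mysecret"
    sh -c "$probe" </dev/null
)

# fd 3 closed for this one command only; the script keeps it open.
closed_for_child() (
    exec 3< "$workdir/mysecret"
    sh -c "$probe" </dev/null 3<&-
)

# "<&3" duplicates fd 3 onto stdin, but fd 3 is still inherited as well.
stdin_dup_only() (
    exec 3< "$workdir/mysecret"
    sh -c "$probe" <&3
)

# Hand the data over on stdin and close fd 3 in the child.
stdin_and_closed() (
    exec 3< "$workdir/mysecret"
    sh -c "$probe" <&3 3<&-
)

for f in leaked closed_for_child stdin_dup_only stdin_and_closed; do
    printf '%-18s %s\n' "$f" "$($f)"
done
```
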
