help-bash

Re: [Help-bash] Prevent file descriptor inheritance


From: R. Diez
Subject: Re: [Help-bash] Prevent file descriptor inheritance
Date: Wed, 8 Aug 2018 15:28:28 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1


> How did you open the "secret" file?  If you are managing
> the fd yourself, it's simply a matter of closing it
> yourself before starting any command where you don't
> want it leaked, such as:
> [...]

I am just planning the script, I have not written it yet.

Say I am using the file in a loop. If I close the file descriptor every time before I run an external tool, I have to reopen the file and seek to the last read position. Not very convenient.

OK, you can also stop file descriptor inheritance at every command, but this is not practical. After all, you may want to consider all external commands suspect, so you would have to do that for every command after opening your file.

I understand that Bash has no threading problems. But it would still be nice to be able to set FD_CLOEXEC manually after opening a file descriptor.

If Bash is managing the file itself, I wonder whether it should always open it with O_CLOEXEC, just in case. Or maybe just have an option to do that if you wish.

Leaking all file descriptors by default could be considered a security risk. I would at least mention it explicitly in the man page, because most people would not think of that when opening a file.

Best regards,
  rdiez
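An added example, not from this thread, showing the inheritance the post describes and the per-command close the quoted reply suggests: a file held open on fd 3 is visible to every child process until the individual command is started with `3<&-`, and closing it that way does not disturb the read position of the loop. The temporary "secret" file, the choice of fd 3 and the function names are assumptions made for the demo.

```bash
#!/bin/bash
# Added example (not from the thread). Demonstrates that an fd opened with
# `exec 3<file` is inherited by every child, and that closing it for one
# command (`cmd 3<&-`) stops the leak without losing the read position.
# POSIX-compatible constructs only, so it also runs under sh.

# Constructed sample "secret" file for the demo (assumption, not from the post).
make_secret() {
    SECRET_FILE=$(mktemp)
    printf 'line1\nline2\nline3\n' > "$SECRET_FILE"
    exec 3< "$SECRET_FILE"          # fd 3 stays open for the whole script
}

# Starts a child shell and reports whether fd 3 is open in it.
# Prints "leaked" (returns 0) or "closed" (returns 1). Any redirection the
# caller attaches to this function applies to that child only.
child_sees_fd3() {
    # Duplicating a closed fd fails with "Bad file descriptor" in the child.
    if sh -c ': <&3' 2>/dev/null; then
        echo leaked; return 0
    fi
    echo closed; return 1
}

# Reads a line from fd 3, runs an external command with fd 3 closed for that
# command only, then reads the next line. Output: "line1 line2 1", the final
# 1 meaning the child did NOT see fd 3 while the loop's position survived.
read_loop_without_leak() {
    local line1 line2 status
    read -r line1 <&3
    if child_sees_fd3 3<&- >/dev/null; then status=0; else status=1; fi
    read -r line2 <&3
    printf '%s %s %s\n' "$line1" "$line2" "$status"
}

make_secret
echo "inherited by default:     $(child_sees_fd3)"       # leaked
echo "closed for one command:   $(child_sees_fd3 3<&-)"  # closed
echo "loop with per-command close: $(read_loop_without_leak)"
exec 3<&-                       # close fd 3 in the script itself
rm -f "$SECRET_FILE"
```

Every command not given `3<&-` still inherits the descriptor, which is the per-command burden the post objects to. On Linux you can audit what a running child actually inherited with `ls -l /proc/<pid>/fd`.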