[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-bash] Prevent file descriptor inheritance

From: R. Diez
Subject: Re: [Help-bash] Prevent file descriptor inheritance
Date: Wed, 8 Aug 2018 15:28:28 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1

> How did you open the "secret" file?  If you are managing
> the fd yourself, it's simply a matter of closing it
> yourself before starting any command where you don't
> want it leaked, such as:
> [...]

I am just planning the script, I have not written it yet.

Say I am using the file in a loop. If I close the file descriptor every time before I run an external tool, I have to reopen the file and seek to the last read position. Not very convenient.

OK, you can also stop file descriptor inheritance at every command, but this is not practical. After all, you may want to consider all external commands suspect, so you would have to do that for every command after opening your file.

I understand that Bash has no threading problems. But it would still be nice to be able to set FD_CLOEXEC manually after opening a file descriptor.

If Bash is managing the file itself, I wonder whether it should always open it with O_CLOEXEC, just in case. Or maybe just have an option to do that if you wish.

Leaking all file descriptors by default could be considered a security risk. I would at least mention it explicitly in the man page, because most people would not think of that when opening a file.

Best regards,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]