Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <514E6082.4070104@eservices.virginia.edu>
Date: Sat, 23 Mar 2013 22:10:10 -0400
From: Zvi Gilboa <zg7s@...rvices.virginia.edu>
To: <musl@...ts.openwall.com>
Subject: Re: Difficulty emulating F_DUPFD_CLOEXEC

On 03/23/2013 09:59 PM, Rich Felker wrote:
> Hi again,
>
> Old kernels lack fcntl F_DUPFD_CLOEXEC, which musl needs internally
> and wants to provide to applications. Thus, I'd like to emulate it
> like we do for pipe2, dup3, socket SOCK_CLOEXEC, etc.; the emulation
> has a race condition that leaks fds, but it's better than nothing.
>
> The problem I'm having is how to detect the case where the kernel
> lacks F_DUPFD_CLOEXEC. For other other atomic close-on-exec
> operations, we either have ENOSYS (newly added syscall) or an
> unambiguous EINVAL. But for fcntl, we could get EINVAL because
> F_DUPFD_CLOEXEC is not recognized by the kernel, or because the
> argument is larger than OPEN_MAX. So we need a test for the cause
> behind EINVAL.
>
> False positives are not an option, because if we wrongly detect that
> F_DUPFD_CLOEXEC was not supported, we would emulate it with the code
> that has race conditions and fd leaks, even on new kernels which
> should not have these problems.
>
> The best idea I have so far is:
>
> 1. Try F_DUPFD_CLOEXEC. If it succeeds or fails with any error other
>     than EINVAL, we're done.
>
> 2. If it fails with EINVAL, retry with an argument of 0. This will
>     eliminate the other cause of EINVAL, so now we should get EINVAL
>     only on old kernels that lack F_DUPFD_CLOEXEC. If this test
>     succeeds, we need to close the new duplicate fd we made (on the
>     wrong fd number) and report EINVAL back to the caller.
>
> 3. If the test in step 2 failed, F_DUPFD_CLOEXEC is unsupported, and
>     we have to use the fallback code with race conditions.
>
> This uglifies fcntl.c a bit more, but I think it works. Does the above
> reasoning make sense? Any other ideas?

In the hope that this matches the project's spirit... how about running 
these tests during the build, and have a script (or a simple test 
program) #define whether the target architecture supports 
F_DUPFD_CLOEXEC or not?  Potentially, this test could be added at the 
very end of alltypes.h.sh

>
> Rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.