Posted Aug 27, 2009 21:33 UTC (Thu) by foom
In reply to: Third-party libraries
Parent article: In brief
The real userspace solution would be for programs to just close unknown file
descriptors between fork and exec. But they don't, so O_CLOEXEC is a decent facility for defensive
Yes, this is what I've been saying -- see previous comment regarding "close_everything_but". The
bug is in the code that calls fork/exec, not the code that opens a file descriptor!
Comments like this one just show how insane this whole thing is. The *bug* there is that libuuid doesn't close fds
before execing a long-lived daemon! It should not be the responsibility of everyone to open all
their fds with O_NOEXEC.