1
linux/include/asm-parisc
Ulrich Drepper f23513e8d9 Introduce O_CLOEXEC
The problem is as follows: in multi-threaded code (or more correctly: all
code using clone() with CLONE_FILES) we have a race when exec'ing.

   thread #1                       thread #2

   fd=open()

                                   fork + exec

  fcntl(fd,F_SETFD,FD_CLOEXEC)

In some applications this can happen frequently.  Take a web browser.  One
thread opens a file and another thread starts, say, an external PDF viewer.
 The result can even be a security issue if that open file descriptor
refers to a sensitive file and the external program can somehow be tricked
into using that descriptor.

Just adding O_CLOEXEC support to open() doesn't solve the whole set of
problems.  There are other ways to create file descriptors (socket,
epoll_create, Unix domain socket transfer, etc).  These can and should be
addressed separately though.  open() is such an easy case that it makes not
much sense putting the fix off.

The test program:

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#ifndef O_CLOEXEC
# define O_CLOEXEC 02000000
#endif

int
main (int argc, char *argv[])
{
  int fd;
  if (argc > 1)
    {
      fd = atol (argv[1]);
      printf ("child: fd = %d\n", fd);
      if (fcntl (fd, F_GETFD) == 0 || errno != EBADF)
        {
          puts ("file descriptor valid in child");
          return 1;
        }
      return 0;
    }

  fd = open ("/proc/self/exe", O_RDONLY | O_CLOEXEC);
  printf ("in parent: new fd = %d\n", fd);
  char buf[20];
  snprintf (buf, sizeof (buf), "%d", fd);
  execl ("/proc/self/exe", argv[0], buf, NULL);
  puts ("execl failed");
  return 1;
}

[kyle@parisc-linux.org: parisc fix]
Signed-off-by: Ulrich Drepper <drepper@redhat.com>
Acked-by: Ingo Molnar <mingo@elte.hu>
Cc: Davide Libenzi <davidel@xmailserver.org>
Cc: Michael Kerrisk <mtk-manpages@gmx.net>
Cc: Chris Zankel <chris@zankel.net>
Signed-off-by: Kyle McMartin <kyle@parisc-linux.org>
Acked-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-16 09:05:45 -07:00
..
a.out.h
agp.h
asmregs.h
assembly.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
atomic.h atomic.h: atomic_add_unless as inline. Remove system.h atomic.h circular dependency 2007-05-08 11:15:20 -07:00
auxvec.h
bitops.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
bug.h [PARISC] add ASM_EXCEPTIONTABLE_ENTRY() macro 2007-02-17 01:16:26 -05:00
bugs.h
byteorder.h
cache.h [PARISC] Clean up the cache and tlb headers 2007-02-17 00:41:30 -05:00
cacheflush.h [PARISC] Add prototypes for flush_user_dcache_range and flush_user_icache_range 2007-02-17 00:43:51 -05:00
checksum.h [NET]: PARISC checksum annotations and cleanups. 2006-12-02 21:23:10 -08:00
compat_rt_sigframe.h
compat_signal.h
compat_ucontext.h
compat.h wrap access to thread_info 2007-05-09 12:30:56 -07:00
cputime.h
current.h
delay.h
device.h Driver core: add dev_archdata to struct device 2006-12-01 14:52:01 -08:00
div64.h
dma-mapping.h [PARISC] Fix ccio_request_resource when CONFIG_IOMMU_CCIO is not defined 2006-12-08 00:33:59 -05:00
dma.h Fix misc .c/.h comment typos 2006-11-30 05:24:39 +01:00
eisa_bus.h
eisa_eeprom.h
elf.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
emergency-restart.h
errno.h
fcntl.h Introduce O_CLOEXEC 2007-07-16 09:05:45 -07:00
fixmap.h
floppy.h
futex.h [PATCH] mm: pagefault_{disable,enable}() 2006-12-07 08:39:21 -08:00
grfioctl.h
hardirq.h
hardware.h [PARISC] fix section mismatches in arch/parisc/kernel 2007-05-27 13:36:27 -04:00
hw_irq.h
ide.h
io.h Merge master.kernel.org:/pub/scm/linux/kernel/git/kyle/parisc-2.6 2007-02-26 12:48:06 -08:00
ioctl.h
ioctls.h
ipcbuf.h
irq_regs.h
irq.h
Kbuild
kdebug.h move die notifier handling to common code 2007-05-08 11:15:04 -07:00
kmap_types.h
led.h [PARISC] Convert soft power switch driver to kthread 2007-02-17 01:03:43 -05:00
linkage.h [PARISC] fix trivial spelling nit in asm/linkage.h 2007-05-30 02:14:36 -04:00
local.h local_t: parisc cleanup 2007-05-08 11:15:20 -07:00
machdep.h
mc146818rtc.h
mckinley.h
mman.h [PATCH] Remove final references to deprecated "MAP_ANON" page protection flag 2007-02-11 10:51:17 -08:00
mmu_context.h Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
mmu.h
mmzone.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
module.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
msgbuf.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
mutex.h
namei.h
page.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
param.h
parisc-device.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
parport.h
pci.h PCI: remove pci_dac_dma_... APIs 2007-07-11 16:02:11 -07:00
pdc_chassis.h
pdc.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
pdcpat.h [PARISC] Remove duplicate PDC_PAT_CELL defines 2006-12-08 00:34:47 -05:00
percpu.h
perf.h
pgalloc.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
pgtable.h page table handling cleanup 2007-07-16 09:05:36 -07:00
poll.h Consolidate asm/poll.h 2007-05-11 08:29:34 -07:00
posix_types.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
prefetch.h
processor.h [PARISC] fix section mismatches in arch/parisc/kernel 2007-05-27 13:36:27 -04:00
psw.h
ptrace.h
real.h
resource.h
ropes.h Fix misc .c/.h comment typos 2006-11-30 05:24:39 +01:00
rt_sigframe.h
rtc.h
runway.h
scatterlist.h PCI: scatterlist.h needs types.h 2007-05-02 19:02:34 -07:00
sections.h
segment.h
semaphore-helper.h
semaphore.h [PATCH] Fix incorrent type of flags in <asm/semaphore.h> 2006-11-26 16:30:29 -08:00
sembuf.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
serial.h
setup.h
shmbuf.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
shmparam.h
sigcontext.h
siginfo.h
signal.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
smp.h [PARISC] kill ENTRY_SYS_CPUS 2007-02-17 01:11:41 -05:00
socket.h [NET]: Adding SO_TIMESTAMPNS / SCM_TIMESTAMPNS support 2007-04-25 22:24:21 -07:00
sockios.h [NET]: Introduce SIOCGSTAMPNS ioctl to get timestamps with nanosec resolution 2007-04-25 22:24:04 -07:00
spinlock_types.h [PARISC] "Fix" circular includes 2007-02-17 00:43:10 -05:00
spinlock.h
stat.h
statfs.h [PATCH] use __u64 rather than u64 in parisc statfs structs 2007-02-08 18:56:57 -05:00
string.h
superio.h
system.h [PARISC] Fix unwinder on 64-bit kernels 2007-06-21 17:46:21 -04:00
termbits.h lots-of-architectures: enable arbitary speed tty support 2007-07-10 17:51:13 -07:00
termios.h [PATCH] consolidate line discipline number definitions 2007-02-11 10:51:26 -08:00
thread_info.h [PARISC] Add TIF_RESTORE_SIGMASK support 2007-02-17 01:06:04 -05:00
timex.h
tlb.h
tlbflush.h Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
topology.h
traps.h
types.h [PARISC] convert to use CONFIG_64BIT instead of __LP64__ 2007-02-17 01:17:13 -05:00
uaccess.h [PARISC] add ASM_EXCEPTIONTABLE_ENTRY() macro 2007-02-17 01:16:26 -05:00
ucontext.h
unaligned.h
unistd.h [PARISC] Wire up utimensat/signalfd/timerfd/eventfd syscalls 2007-05-27 15:19:58 -04:00
unwind.h
user.h
xor.h