Skip to content

fork+exec fails to close other file descriptors #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
iCharlesHu opened this issue May 16, 2025 · 0 comments
Open

fork+exec fails to close other file descriptors #46

iCharlesHu opened this issue May 16, 2025 · 0 comments
Assignees
@iCharlesHu
Labels
blocker Show stopping issues for 0.0.1 bug Something isn't working

Comments

@iCharlesHu
Copy link
Contributor

iCharlesHu commented May 16, 2025
edited
Loading

(manually cloned from iCharlesHu/Subprocess#44)

https://github.com/iCharlesHu/swift-experimental-subprocess/blob/7204d94bc468c0669a326fe584bf240e1eecbb2b/Sources/_SubprocessCShims/process_shims.c#L322

UNIX programs typically need to close all other open fds that they don't want to inherit into the child process after fork() but before execve(). This code fails to do so, this is security-relevant.

Implementation here: https://github.com/swiftlang/swift-sdk-generator/pull/156/files#diff-456340af052c33f5e1551237a5b2b7a6f20c374fea29d0d352c931b328a319a4R134-R140
@iCharlesHu iCharlesHu added bug Something isn't working blocker Show stopping issues for 0.0.1 labels May 16, 2025
@iCharlesHu iCharlesHu self-assigned this May 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@iCharlesHu iCharlesHu

Labels
blocker Show stopping issues for 0.0.1 bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@iCharlesHu