Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable handle inheritance for Sockets #27671

Closed
Tratcher opened this issue Oct 18, 2018 · 4 comments
Closed

Disable handle inheritance for Sockets #27671

Tratcher opened this issue Oct 18, 2018 · 4 comments
Assignees
@stephentoub
Labels
area-System.Net.Sockets enhancement Product code improvement that does NOT require public API changes/additions
Milestone
3.0

Comments

@Tratcher
Copy link
Member

Some ASP.NET Core users are having issues with their server sockets being kept alive by child processes after the parent has existed. This causes issues where clients are still able to connect but no traffic is being served. Handle inheritance for Process.Start has been discussed extensively in https://github.com/dotnet/corefx/issues/306. Failing a general solution there, disabling inheritance specifically for sockets would be an improvement.

While it varies across platforms there are generally two ways to disable this inheritance. The first is to call SetHandleInformation right after creating the socket. Libuv does this on Windows, and ASP.NET Core has added this as a windows specific mitigation. Ubuntu does not appear to be affected but Mac is and it does not have this API. This approach is also not atomic.

The other way to do disable inheritance is to pass a flag directly into the native socket constructor. This isn't exposed in the managed API. This approach is more commonly available across platforms.
@stephentoub
Copy link
Member

stephentoub commented Oct 18, 2018
edited
Loading

disabling inheritance specifically for sockets would be an improvement

FYI, we already do this on Linux, where SOCK_CLOEXEC is available:
https://github.com/dotnet/corefx/blob/1d9c45957a4c662a7ae7bbf8ec42063cecb95f14/src/Native/Unix/System.Native/pal_networking.c#L1977-L1980

I've not tried, but I'm assuming on mac we could instead use fcntl with O_CLOEXEC as we do in other places on other file descriptors:
https://github.com/dotnet/corefx/blob/cec9910fcaa0321cd33b6fd43924a2794c5f3bb3/src/Native/Unix/System.Native/pal_io.c#L282-L287
It wouldn't be atomic, but it's probably the best we could do, assuming it works with socket fds. Seems reasonable to do that, and to use SetHandleInformation on Windows to do the equivalent, or we could probably just pass the flag into the native factory method, presumably making it atomic, though I don't know for sure.

@stephentoub stephentoub self-assigned this Oct 19, 2018
@Tratcher
Copy link
Member Author

Tratcher commented Oct 19, 2018
edited
Loading

On Windows WSA_FLAG_NO_HANDLE_INHERIT would be better than SetHandleInformation for atomicity.

@stephentoub
Copy link
Member

Yes

@GSPP
Copy link

GSPP commented Oct 19, 2018

If it's not atomic then it cannot be relied upon and is almost as bad as not doing it IMHO.

@msftgits msftgits transferred this issue from dotnet/corefx Jan 31, 2020
@msftgits msftgits added this to the 3.0 milestone Jan 31, 2020
@ghost ghost locked as resolved and limited conversation to collaborators Dec 15, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@stephentoub stephentoub

Labels
area-System.Net.Sockets enhancement Product code improvement that does NOT require public API changes/additions
Projects
None yet
Milestone
3.0
Development

No branches or pull requests
4 participants
@Tratcher @stephentoub @msftgits @GSPP