Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

net: ipStackCapabilities.probe creates sockets that can escape into child process #22349

alexbrainman opened this issue Oct 20, 2017 · 3 comments


Copy link

@alexbrainman alexbrainman commented Oct 20, 2017

Perhaps I am mistake. But ipStackCapabilities.probe calls socketFunc (which is just a syscall.Socket). Returned socket is inheritable by child process on Windows, so it can escape, if we call Windows CreateProcess at the same time.

Maybe this is expected, but I decided to report. Just in case.

Thank you.

CC @ianlancetaylor @mikioh

Copy link
Member Author

@alexbrainman alexbrainman commented Oct 23, 2017

@ianlancetaylor you marked this with OS-Windows label, but this affects pretty much everyone.


Copy link

@ianlancetaylor ianlancetaylor commented Oct 23, 2017

Ah, so it does. Sorry.

Copy link

@gopherbot gopherbot commented Jan 3, 2018

Change mentions this issue: net: set CLOEXEC on sockets used for capability probes

@gopherbot gopherbot closed this in f05c8b4 Jan 3, 2018
@golang golang locked and limited conversation to collaborators Jan 3, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
You can’t perform that action at this time.