File descriptors should be non-inheritable by default. #6602
This may be hard to accomplish, because system.nim uses fopen, which doesn't have portable CLOEXEC support (there is "e" mode, but it's only available in glibc).
alaviss added a commit to alaviss/Nim that referenced this issue on Jan 20, 2020
This prevents file descriptors/handles leakage to child processes that might cause issues like running out of file descriptors, or potential security issues like leaking a file descriptor to a restricted file. While this breaks backward compatibility, I'm rather certain that not many programs (if any) actually make use of this implementation detail. A new API `setInheritable` is provided for the few that actually want to use this functionality. Ref nim-lang#6602
I have encountered a problem while making a "process supervisor".
When the supervisor quits, each child process keeps running and keeps the `fd`s inherited from the supervisor open. The `fd`s are leaked. Especially, there is no way to manually set the underlying fd of asynchttpserver as FD_CLOEXEC.

I think file descriptors should be non-inheritable by default.
Python from 3.4 (and many other languages) makes file descriptors non-inheritable by default.
See: https://www.python.org/dev/peps/pep-0446/
My original issue is here: dom96/jester#125
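The leak reported in this issue, next to the PEP 446 behaviour it cites, as an added example in Python (not code from the issue or from Nim). The child is spawned with `close_fds=False` so that only the close-on-exec flag decides what it sees; `PROBE`, `child_sees_fd`, `inheritable_fds` and `demo` are names made up for this example.

```python
import os
import subprocess
import sys

# Child-side probe (constructed for this example): exit 0 only if the fd
# number in argv[1] is open in the child and is a pipe.
PROBE = (
    "import os, stat, sys\n"
    "try:\n"
    "    ok = stat.S_ISFIFO(os.fstat(int(sys.argv[1])).st_mode)\n"
    "except OSError:\n"
    "    ok = False\n"
    "sys.exit(0 if ok else 1)\n"
)

def child_sees_fd(fd):
    """Spawn a child as a plain fork+exec supervisor would and report whether
    `fd` is still open in it. close_fds=False disables subprocess's own
    descriptor sweep, so only the close-on-exec flag decides."""
    proc = subprocess.run([sys.executable, "-c", PROBE, str(fd)], close_fds=False)
    return proc.returncode == 0

def inheritable_fds(limit):
    """Audit helper: open descriptors in [3, limit) that an exec'd child inherits."""
    found = []
    for fd in range(3, limit):
        try:
            if os.get_inheritable(fd):
                found.append(fd)
        except OSError:
            pass  # this number is not an open descriptor
    return found

def demo():
    r, w = os.pipe()  # PEP 446: created non-inheritable (close-on-exec set)
    try:
        result = {"default": child_sees_fd(w)}
        os.set_inheritable(w, True)  # the inherit-by-default state the issue reports
        result["marked_inheritable"] = child_sees_fd(w)
        result["audit_flags_it"] = w in inheritable_fds(w + 1)
        os.set_inheritable(w, False)  # restore close-on-exec before spawning
        result["after_reset"] = child_sees_fd(w)
        return result
    finally:
        os.close(r)
        os.close(w)

if __name__ == "__main__":
    print(demo())
```

A supervisor can call an audit like `inheritable_fds` just before it spawns a child and treat any unexpected entry as a leak.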