 Relationships |
|
| Anonymous | Login | Signup for a new account | 2010-02-09 15:42 UTC |
| Main | My View | View Issues | Change Log | Docs |
| Viewing Issue Simple Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||||
| ID | Category | Severity | Type | Date Submitted | Last Update | ||||||||
| 0000149 | [1003.1(2008)/Issue 7] System Interfaces | Editorial | Enhancement Request | 2009-09-17 06:41 | 2009-09-24 15:46 | ||||||||
| Reporter | tahonermann | View Status | public | ||||||||||
| Assigned To | ajosey | ||||||||||||
| Priority | normal | Resolution | Future Enhancement | ||||||||||
| Status | Resolved | ||||||||||||
| Name | Tom Honermann | ||||||||||||
| Organization | Oracle | ||||||||||||
| User Reference | |||||||||||||
| Section | fdwalk | ||||||||||||
| Page Number | N/A | ||||||||||||
| Line Number | N/A | ||||||||||||
| Interp Status | --- | ||||||||||||
| Final Accepted Text | |||||||||||||
| Summary | 0000149: Add fdwalk system interface | ||||||||||||
| Description |
Code similar to the following is often used before calling one of the 'exec' family of functions to limit open file descriptors for the new process image. Many programs rely on this behavior for security reasons and to avoid exceeding limits on the number of open files.
int fdesc;
struct rlimit rl;
/* Retrieve the soft limit for the maximum number of open files */
getrlimit(RLIMIT_NOFILE, &rl);
/* Set all file descriptors except stdin, stdout, and stderr to close-on-exec */
for(fdesc=3; fdesc < rl.rlim_cur; ++fdesc)
{
int old_flags = fcntl(fdesc, F_GETFD, 0);
if(old_flags >= 0)
fcntl(fdesc, F_SETFD, old_flags | FD_CLOEXEC);
}
The above code functions properly but negatively impacts performance when running with a high soft limit. Consider a soft limit of 256 - at least 253 system calls to 'fcntl' will be made before calling one of the 'exec' functions to replace the process image. Solaris includes a function named 'fdwalk' which can be used to achieve the same results as the above code with much less overhead. See the Solaris man page for more information: http://docs.sun.com/app/docs/doc/816-5168/fdwalk-3c?a=view. [^] Sample code to achieve the same results as the code above follows.
static int fdwalk_close_on_exec(void *unused, int fd)
{
if (fd >= 3)
{
int old_flags = fcntl(fd, F_GETFD, 0);
if(old_flags >= 0)
fcntl(fd, F_SETFD, old_flags | FD_CLOEXEC);
}
return (0);
}
...
fdwalk(fdwalk_close_on_exec, NULL);
Use of 'fdwalk' is more efficient since 'fcntl' is only called for file descriptors that are actually open. |
||||||||||||
| Desired Action | Add fdwalk to the system interface section of the next standard. | ||||||||||||
| Tags | No tags attached. | ||||||||||||
| Attached Files | |||||||||||||
|
|
|||||||||||||
|
Relationships |
|
|
Notes |
|
|
(0000238) msbrown (manager) 2009-09-24 15:45 |
The rules for introducing new material into the standard are provided in austin-112r3 (http://www.opengroup.org/austin/docs/austin_112r3.txt). [^] [^] The material introduced must have a copyright release from the original owner. The text needs to be fully formed ... the exact words you would propose being added to the standard. |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2009-09-17 06:41 | tahonermann | New Issue | |
| 2009-09-17 06:41 | tahonermann | Status | New => Under Review |
| 2009-09-17 06:41 | tahonermann | Assigned To | => ajosey |
| 2009-09-17 06:41 | tahonermann | Name | => Tom Honermann |
| 2009-09-17 06:41 | tahonermann | Organization | => Oracle |
| 2009-09-17 06:41 | tahonermann | Section | => fdwalk |
| 2009-09-17 06:41 | tahonermann | Page Number | => N/A |
| 2009-09-17 06:41 | tahonermann | Line Number | => N/A |
| 2009-09-17 06:57 | tahonermann | Issue Monitored: tahonermann | |
| 2009-09-24 15:45 | msbrown | Note Added: 0000238 | |
| 2009-09-24 15:46 | msbrown | Interp Status | => --- |
| 2009-09-24 15:46 | msbrown | Status | Under Review => Resolved |
| 2009-09-24 15:46 | msbrown | Resolution | Open => Future Enhancement |
| Mantis 1.1.6[^] Copyright © 2000 - 2008 Mantis Group |  |
