From: Szabolcs Nagy
> Sent: 05 June 2020 15:56
...
> currently there is no libc interface contract in place that
> says which calls may use libc internal fds e.g. i've seen
>
>	openlog(...) // opens libc internal syslog fd
>	...
>	fork()
>	closefrom(...) // close syslog fd
>	open(...) // something that reuses the closed fd
>	syslog(...) // unsafe: uses the wrong fd
>	execve(...)
>
> syslog uses a libc internal fd that the user trampled on and
> this can go bad in many ways depending on what libc apis are
> used between closefrom (or equivalent) and exec.

It is, of course, traditional that daemons only call
close(0); close(1); close(2);
Took us ages to discover that a misspelt fprintf() was adding
data to the stdout buffer and eventually flushing 10k of ascii
text into an inter-process pipe that had a 32bit field for
'message extension length'.

FWIW isn't syslog() going to go badly wrong after fork() anyway?
Unless libc's fork() calls closelog().

	David
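The descriptor reuse behind the stdout incident in the message above, as an added example that is not part of the original mail: after close(0); close(1); close(2); the next pipe() takes fds 0 and 1, so buffered stdio output lands in the IPC pipe, while reopening 0-2 on /dev/null first keeps it out. The function name, the STRAY message and the result-reporting pipe are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for the output of the misspelt fprintf(). */
#define STRAY "debug: stray message\n"

/* Forks a child that does the traditional close(0..2), optionally reopens
 * them on /dev/null, creates an IPC pipe, then emits stray stdout output.
 * Returns how many stray bytes landed in the IPC pipe, or -1 on error. */
int stray_bytes_in_pipe(int reopen_devnull)
{
    int report[2], got = -1;
    if (pipe(report) < 0) return -1;
    fflush(NULL);                        /* no buffered output crosses fork() */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int out = fcntl(report[1], F_DUPFD, 10);  /* result fd, clear of 0-2 */
        close(report[0]); close(report[1]);
        close(0); close(1); close(2);
        if (reopen_devnull) {            /* open() returns the lowest free fd: 0 */
            int nul = open("/dev/null", O_RDWR);
            dup2(nul, 1); dup2(nul, 2);
        }
        int ipc[2], n = 0;
        if (pipe(ipc) < 0) _exit(1);     /* unprotected: ipc[1] becomes fd 1 */
        fcntl(ipc[0], F_SETFL, O_NONBLOCK);
        fputs(STRAY, stdout);
        fflush(stdout);                  /* drains into whatever fd 1 is now */
        char buf[64];
        ssize_t r = read(ipc[0], buf, sizeof buf);
        if (r > 0) n = (int)r;
        _exit(write(out, &n, sizeof n) == (ssize_t)sizeof n ? 0 : 1);
    }
    close(report[1]);
    if (read(report[0], &got, sizeof got) != (ssize_t)sizeof got) got = -1;
    close(report[0]);
    waitpid(pid, NULL, 0);
    return got;
}

int main(void)
{
    printf("close only:       %d stray bytes in pipe\n", stray_bytes_in_pipe(0));
    printf("reopen /dev/null: %d stray bytes in pipe\n", stray_bytes_in_pipe(1));
    return 0;
}
```

The same lowest-free-descriptor rule is what lets open() land on the closed syslog fd in the quoted closefrom() sequence.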