* Pichai Raghavan (ragh_avan@rediffmail.com) wrote:
> Hi All,
>
> Man page of exec says that file descriptors are open across exec.
> Is there any way I can close all file descriptors after an exec ?
> (And why is it done this way?)

You can mark all fd's close-on-exec (fcntl(2)). Or you can close all fd's
in your program (cycle through fd list and call close(2)).

Be aware that closing fd's 0-2 may not have the results you intend,
especially if the exec'd program is running as root. glibc makes
assumptions about fd's 0-2, and if you close them and allow user input to
define how they are opened this can be a security leak. Things like
current tty (for stdin/out/err) and shell redirection rely on this
behaviour.

thanks,
-chris
--
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
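The approach described in the reply above, as an added C example (not code from the original message): before exec, make sure fds 0-2 are occupied, then set close-on-exec on every other open descriptor. It assumes Linux with /proc mounted; the function names and the /bin/true target are illustrative.

```c
#define _GNU_SOURCE  /* for dirfd() under strict -std= modes */
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>

/* Plug any hole in fds 0-2 with /dev/null. open(2) returns the lowest free
 * descriptor, so looping until we get one above 2 fills every gap. */
int ensure_std_fds(void)
{
    int fd;
    do {
        fd = open("/dev/null", O_RDWR);
    } while (fd >= 0 && fd <= 2);
    if (fd < 0)
        return -1;
    close(fd);
    return 0;
}

/* Set FD_CLOEXEC on every open descriptor >= lowfd, found by listing
 * /proc/self/fd (Linux-specific). Returns the number marked, or -1. */
int mark_cloexec_from(int lowfd)
{
    DIR *d = opendir("/proc/self/fd");
    struct dirent *e;
    int marked = 0;
    if (!d)
        return -1;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        /* skip ".", "..", fds below lowfd, and the directory's own fd */
        if (end == e->d_name || *end || fd < lowfd || fd == dirfd(d))
            continue;
        int flags = fcntl((int)fd, F_GETFD);
        if (flags != -1 && fcntl((int)fd, F_SETFD, flags | FD_CLOEXEC) == 0)
            marked++;
    }
    closedir(d);
    return marked;
}

int main(void)
{
    if (ensure_std_fds() < 0 || mark_cloexec_from(3) < 0)
        return 1;
    execl("/bin/true", "true", (char *)NULL);  /* constructed stand-in target */
    return 127;
}
```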