-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
File descriptor leak when spawning new process #26478
Comments
This is currently a very intentional part of the design of The standard library opens everything with CLOEXEC by default (and will one day provide the ability to not do so), but adding this sort of code on a post-fork would at most be a platform extension and would probably best be done with a "run this block post-fork" option to |
This sounds like a security issue. A safe API should use an |
@l0kod this is not a security issue for the standard library, if it's an issue at all it's an issue with the libraries that are opening file descriptors without CLOEXEC. |
OK, so it's an issue with almost all bindings… |
Is it OK if I create a PR to extend |
We explicitly removed this behavior, so I would probably expect an RFC before a PR. |
When using an external library and/or FFI bindings, all non-cloexec file descriptors leak to all new processes spawned with
Command::spawn()
.This was introduced by the I/O reform because the
getdtablesize()
loop disappeared.The
getdtablesize()
loop could be replaced with awalk_dir()
through/proc/self/fd
when available (cf. #12148 (comment)).cc #12148
cc #22678
cc #24237
cc rust-lang/rfcs#941
cc @alexcrichton
cc @aturon
The text was updated successfully, but these errors were encountered: