https://bugs.exim.org/show_bug.cgi?id=2010
Giuseppe D'Angelo <dangelog@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dangelog@???
--- Comment #2 from Giuseppe D'Angelo <dangelog@???> ---
Unlink removes the file name from the file system, but the corresponding
descriptor is left open in the process.
If PCRE gets used in an application which spawns another process via fork+exec,
then that process will get the descriptor, which is very likely unwanted. (A
harmful process could dangerously mess with the descriptor.)
To prevent that, one must set the close on exec flag on the descriptor; and
that flag should be set "as soon as possible", ideally on the very syscall that
opens the descriptor.
(The danger of *not* setting it as soon as possible is that this leaves a time
window in a multithreaded application where another thread can perform a
fork+exec and leak the descriptor.)
So, ideally, in the case of mkstemp one should define _GNU_SOURCE on glibc and
use mkostemp(template, O_CLOEXEC).
--
You are receiving this mail because:
You are on the CC list for the bug.
