Make sure new file descriptors have close-on-exec flag set on them in a race-free way
In many places Glib was already trying to get new file descriptors with the close-on-exec flag set in a race-free way; however, quite a few sites remained where this wasn't being done - mostly in older code parts.
This MR is an attempt to rectify that and make Glib fully close-on-exec-safe where possible.
The current attempt to close all file descriptors by a g_spawn_* call without the G_SPAWN_LEAVE_DESCRIPTORS_OPEN flag is not only rather hacky, it doesn't cover any code that wants to do fork () + exec () directly (including extra libraries used by a Glib consumer).
I've gone through calls to the following functions in Glib code:
- open () family,
- fopen () family,
- socket (),
- socketpair (),
- pipe () family,
- accept (),
- dup () family,
- recvmsg ().
Converted most of these call sites to set the close-on-exec flag in a race-free way.
The remaining ones are either Windows-only or lie between fork () and exec () calls.
With this change Glib should be fully close-on-exec-safe on platforms that support the necessary system calls - this is true of pretty much every modern Linux system.
The MR has been divided into 8 individually described commits to make it easier to review.
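
The race-free forms for four of the families listed above (open (), dup (), socketpair (), recvmsg ()), as an added example that is not code from this MR or from Glib. It assumes Linux with glibc; every function and type name in it is a hypothetical helper chosen for illustration.

```c
#define _GNU_SOURCE /* assumption: Linux/glibc; must precede all includes */
#include <fcntl.h>
#include <string.h>
#include <sys/socket.h>

/* 1 if FD_CLOEXEC is set on fd, 0 if not, -1 on error. */
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

/* Race-free: the kernel sets the flag while creating the descriptor. The racy
 * form is open () followed by fcntl (F_SETFD, FD_CLOEXEC): another thread can
 * fork () + exec () between the two calls and the child inherits the fd. */
int open_cloexec(const char *path) { return open(path, O_RDONLY | O_CLOEXEC); }
int dup_cloexec(int fd) { return fcntl(fd, F_DUPFD_CLOEXEC, 0); }
int socketpair_cloexec(int sv[2]) {
    return socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, sv);
}

/* Fill msg with a 1-byte payload and room for one SCM_RIGHTS descriptor. */
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } fd_cmsg;
static void prep(struct msghdr *msg, struct iovec *iov, char *byte, fd_cmsg *c) {
    memset(msg, 0, sizeof *msg); memset(c, 0, sizeof *c);
    iov->iov_base = byte; iov->iov_len = 1;
    msg->msg_iov = iov; msg->msg_iovlen = 1;
    msg->msg_control = c->buf; msg->msg_controllen = sizeof c->buf;
}

/* Pass fd to the peer of sock as SCM_RIGHTS ancillary data; 0 on success. */
int send_fd(int sock, int fd) {
    char byte = 0; struct iovec iov; struct msghdr msg; fd_cmsg c;
    prep(&msg, &iov, &byte, &c);
    struct cmsghdr *h = CMSG_FIRSTHDR(&msg);
    h->cmsg_level = SOL_SOCKET; h->cmsg_type = SCM_RIGHTS;
    h->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(h), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* flags = MSG_CMSG_CLOEXEC: the received descriptor arrives with the flag set. */
int recv_fd(int sock, int flags) {
    char byte; struct iovec iov; struct msghdr msg; fd_cmsg c; int fd = -1;
    prep(&msg, &iov, &byte, &c);
    if (recvmsg(sock, &msg, flags) != 1) return -1;
    struct cmsghdr *h = CMSG_FIRSTHDR(&msg);
    if (h && h->cmsg_level == SOL_SOCKET && h->cmsg_type == SCM_RIGHTS)
        memcpy(&fd, CMSG_DATA(h), sizeof fd);
    return fd;
}
```

Calling recv_fd with flags 0 yields a descriptor without FD_CLOEXEC, which is the case that is easy to miss in an audit because no descriptor-creating call is visible at the receiving site.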