[PATCH] ev: fix epoll_init fd leak

Mon Oct 31 20:41:46 CET 2011

On Mon, Oct 31, 2011 at 07:40:39PM +0100, Ben Noordhuis <info at bnoordhuis.nl> wrote:

Since you don't come up with an example of your common programming
technique for daemons, I assume it is a settled issue and you retract your
claim?

> libev is a library. Libraries should not second-guess the application
> programmer's intent. I consider this a bug, plain and simple.

Unlike you, I am very much interested in making it harder for programmers
to create security issues - I might be the user of such a program in the
future, and so might you.

And I bet you reported this because you had an issue with it - if you fix
your code, as opposed to working around your buggy app in libev, thats one
bug less in the world that libev found by being how it is.

To me, thats a good thing, sorry :(

However, this issue has nothing to do with programmer intent - no
programmer "intends" his software to be a source of security issues.

This is also the reason why real world daemons don't do this - it's just
asking for trouble.

The hard issue is POSIX though - yes, this is clearly a bug: programs that
close standard file descriptors are already broken. So are programs that
close all file descriptors >= 2 (for entirely different reasons).

The differencs is that the latter _usually_ works for daemons, while the
former is a security issue.

In no case is this sensible programming, required, or correct.

And libev does require posix compliance unless noted otherwise. Anything
else is just madness.

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\