setting close-on-exec flag for Linux::Inotify2?

Marc Lehmann schmorp at schmorp.de
Wed Jul 28 18:18:23 CEST 2021


On Tue, Jul 27, 2021 at 11:04:41PM +0000, Eric Wong <e at 80x24.org> wrote:
> Hi all, I noticed an inotify FD was being inadvertently passed
> to an exec-ed child process, unlike every other FD in a Perl
> process (due to $^F).

[you tried practically everything]

Yes - the underlying problem is the difficulty with which to convert fd's
to file handles in XS, otherwise I would probably have provided a filehandle
instead.

In theory, the fd member is private and switching to an fh could still be
done without changing the API.  I'll have to think about this.

> It'd be nice to change the default and just set it automatically
> after inotify_init (or use inotify_init2 for newer kernels),
> respecting $^F.  It probably won't break anything, especially
> since every other FD >2 has FD_CLOEXEC set in Perl.

Alternatively, just setting the cloexec flag unconditionally will be
the right thing - accidentally having an inotify fd in stdin/out/err is
probably just another security bug waiting to happen.

In the meantime, you could nuke the DESTROY method out of existence, or
try to subclass the whole thing and provide a NOP DESTROY method, and that
way you can open the fd and fcntl it.

Thanks for reporting this issue!

-- 
                The choice of a       Deliantra, the free code+content MORPG
      -----==-     _GNU_              http://www.deliantra.net
      ----==-- _       generation
      ---==---(_)__  __ ____  __      Marc Lehmann
      --==---/ / _ \/ // /\ \/ /      schmorp at schmorp.de
      -=====/_/_//_/\_,_/ /_/\_\
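
An added example, not part of the original message and not code from Linux::Inotify2: what "setting the cloexec flag unconditionally" looks like at the C level where an XS module would create the descriptor, with a check that confirms the result. The helper names `fd_is_cloexec` and `inotify_open_cloexec` are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Returns 1 if fd has FD_CLOEXEC set, 0 if not, -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Hypothetical helper: create an inotify fd that is not inherited across exec. */
int inotify_open_cloexec(void)
{
    /* Preferred: the flag is set atomically at creation, so there is no
       window in which another thread can fork+exec and inherit the fd. */
    int fd = inotify_init1(IN_CLOEXEC);
    if (fd >= 0 || errno != ENOSYS)
        return fd;

    /* Fallback for kernels without inotify_init1: create, then set the flag. */
    fd = inotify_init();
    if (fd < 0)
        return -1;
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    int leaky = inotify_init();   /* plain creation, as reported in the thread */
    int safe = inotify_open_cloexec();
    if (leaky < 0 || safe < 0) { perror("inotify"); return 1; }
    printf("inotify_init:         cloexec=%d\n", fd_is_cloexec(leaky));
    printf("inotify_open_cloexec: cloexec=%d\n", fd_is_cloexec(safe));
    close(leaky);
    close(safe);
    return 0;
}
```

The same `F_GETFD` check works as an audit step for any descriptor a library hands back before the process forks and execs a child.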


