[patch] SOCK_CLOEXEC, SOCK_NONBLOCK and MSG_CMSG_CLOEXEC
Konstantin Belousov
kostikbel at gmail.com
Mon Mar 18 21:00:09 UTC 2013
On Sun, Mar 17, 2013 at 10:23:53PM +0100, Jilles Tjoelker wrote:
> Here are some more modifications to allow creating file descriptors with
> close-on-exec set. Like in linux/glibc, SOCK_CLOEXEC and SOCK_NONBLOCK
> can be OR'ed in socket() and socketpair()'s type parameter, and
> MSG_CMSG_CLOEXEC to recvmsg() makes file descriptors (SCM_RIGHTS)
> atomically close-on-exec.
>
> The numerical values for SOCK_CLOEXEC and SOCK_NONBLOCK are as in
> NetBSD. MSG_CMSG_CLOEXEC is the first free bit for MSG_*.
>
> I do not pass the SOCK_* flags to MAC because this may cause incorrect
> failures and can be done later via fcntl() anyway. I expect audit to
> cope with the new flags.
>
> For MSG_CMSG_CLOEXEC, I had to change unp_externalize to take a flags
> argument.
This looks fine to me.
The only note I have, which is not directly related to your patch,
is the recvmsg(2) behaviour when the undefined flag is passed.
The syscall silently ignores the flags. I think this is quite wrong,
and would cause interesting (security) implications if the program
using the MSG_CMSG_CLOEXEC is run on older kernel which does not
interpret the flag.
Might be, we should start returning EINVAL for unknown flag, despite
SUSv4 not specifying the condition ?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-hackers/attachments/20130318/817f50d6/attachment.sig>
More information about the freebsd-hackers
mailing list