From: "Avery Pennarun" <apenwarr@gmail.com>
To: "Stephen R. van den Berg" <srb@cuci.nl>
Cc: "Johannes Sixt" <j.sixt@viscovery.net>,
	"Paolo Bonzini" <bonzini@gnu.org>,
	"Karl Chen" <quarl@cs.berkeley.edu>,
	"Git mailing list" <git@vger.kernel.org>,
	"Junio C Hamano" <gitster@pobox.com>
Subject: Re: [PATCH] be paranoid about closed stdin/stdout/stderr
Date: Wed, 27 Aug 2008 14:22:39 -0400
Message-ID: <32541b130808271122t45031cc7n497da8da6ca52bd3@mail.gmail.com>
In-Reply-To: <20080827091800.GB484@cuci.nl>

On Wed, Aug 27, 2008 at 5:18 AM, Stephen R. van den Berg <srb@cuci.nl> wrote:
> Avery Pennarun wrote:
>>In general I'd mostly agree with you, but fd 0/1/2 are super-special
>>and I've personally been bitten by insane, rare problems that occur
>>when programs are started with one or more of those fds closed.
>
> Key words: "insane, rare problems"

Yes, I used those words on purpose.

> Well, as you say, "you're writing a new daemon".  This means that you
> need to make sure that *if* this daemon ever forks/execs it leaves the
> environment in a sane state which does not open up security holes.

Well, *I* know that.  But this is far from well-documented.

>>Does this sound rare?  It is!  But it's also hellish to debug when it
>>happens, precisely because of its rarity.  For example, in one case, I
>>had this problem because an sfdisk process started by my custom
>
> Thing is, by making git (and some other programs) hide this problem
> from you, this problem will get even *harder* to debug.  Whereas as a
> daemon author you should be thankful that something breaks and shows you
> your daemon needs fixing.

True enough, unless it was worked around in libc or the kernel as I
suggested.  That said, if git opens a file and writes random log
messages to it, I'd still consider that to be git's fault for doing
so.

I'm just feeling protective of the future sanity of other developers
here, hoping they don't have to go through what I did on a multi-week
bug hunt.  (We were even blaming reiserfs for a while for our boot
sector getting zapped...)  The fact that someone *other* than me has
suggested this change implies that I'm not the only one who has seen
such insanity in the wild.

It'd be fine if git simply died if fd 0, 1, or 2 isn't open when it
starts.  Printing a warning message wouldn't work, for hopefully
obvious reasons.  But it would be a shame to simply ignore this sort
of problem now that it's been brought up.

Have fun,

Avery
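A startup check of the kind this thread argues about, as an added example that is neither the patch under discussion nor git's own code: it probes fds 0, 1 and 2 with fcntl(F_GETFD) before anything else is opened and fills each closed slot with /dev/null, so that a later open() cannot land on stdin/stdout/stderr and receive stray reads or writes (the failure mode behind the sfdisk story above). It dies rather than continuing if the repair fails; assumes a POSIX system with /dev/null.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* A closed descriptor makes fcntl(F_GETFD) fail with EBADF; the call
 * has no side effects, so it is a safe probe. */
static int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/* Ensure fds 0, 1 and 2 are open before any other file is opened.
 * open() returns the lowest free descriptor, so walking 0..2 in order
 * and opening /dev/null on each closed slot fills exactly that slot.
 * Returns the number of slots that had to be repaired. */
static int sanitize_std_fds(void)
{
    int fixed = 0;
    for (int fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        int nullfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nullfd != fd) {
            /* open() failed (or, impossibly, skipped a slot): there is
             * no safe way to report this, so exit immediately. */
            _exit(128);
        }
        fixed++;
    }
    return fixed;
}

/* Demonstration: deliberately close stderr, repair it, then show that
 * the next file opened by the program does not take fd 2. */
int main(void)
{
    close(2);
    int fixed = sanitize_std_fds();
    int logfd = open("/dev/null", O_WRONLY);
    printf("repaired %d std fd(s); next open() returned fd %d\n",
           fixed, logfd);
    return logfd > 2 ? 0 : 1;
}
```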
