public inbox for git@vger.kernel.org
 help / color / mirror / Atom feed
From: "Paul Tarjan via GitGitGadget" <gitgitgadget@gmail.com>
To: git@vger.kernel.org
Cc: Patrick Steinhardt <ps@pks.im>, Paul Tarjan <paul@paultarjan.com>,
	Paul Tarjan <github@paulisageek.com>,
	Paul Tarjan <github@paulisageek.com>
Subject: [PATCH v11 08/12] run-command: add close_fd_above_stderr option
Date: Thu, 05 Mar 2026 06:55:08 +0000	[thread overview]
Message-ID: <50f5b4676e531c944ea40eaad265b14c2467a808.1772693712.git.gitgitgadget@gmail.com> (raw)
In-Reply-To: <pull.2147.v11.git.git.1772693712.gitgitgadget@gmail.com>

From: Paul Tarjan <github@paulisageek.com>

Add a close_fd_above_stderr flag to struct child_process.  When set,
the child closes file descriptors 3 and above between fork and exec
(skipping the child-notifier pipe), capped at sysconf(_SC_OPEN_MAX)
or 4096, whichever is smaller.  This prevents the child from
inheriting pipe endpoints or other descriptors from the parent
environment (e.g., the test harness).

Signed-off-by: Paul Tarjan <github@paulisageek.com>
---
 run-command.c | 12 ++++++++++++
 run-command.h |  9 +++++++++
 2 files changed, 21 insertions(+)

diff --git a/run-command.c b/run-command.c
index e3e02475cc..f4361906c9 100644
--- a/run-command.c
+++ b/run-command.c
@@ -546,6 +546,7 @@ static void atfork_parent(struct atfork_state *as)
 		"restoring signal mask");
 #endif
 }
+
 #endif /* GIT_WINDOWS_NATIVE */
 
 static inline void set_cloexec(int fd)
@@ -832,6 +833,17 @@ fail_pipe:
 			child_close(cmd->out);
 		}
 
+		if (cmd->close_fd_above_stderr) {
+			long max_fd = sysconf(_SC_OPEN_MAX);
+			int fd;
+			if (max_fd < 0 || max_fd > 4096)
+				max_fd = 4096;
+			for (fd = 3; fd < max_fd; fd++) {
+				if (fd != child_notifier)
+					close(fd);
+			}
+		}
+
 		if (cmd->dir && chdir(cmd->dir))
 			child_die(CHILD_ERR_CHDIR);
 
diff --git a/run-command.h b/run-command.h
index 0df25e445f..fdaa01e140 100644
--- a/run-command.h
+++ b/run-command.h
@@ -141,6 +141,15 @@ struct child_process {
 	unsigned stdout_to_stderr:1;
 	unsigned clean_on_exit:1;
 	unsigned wait_after_clean:1;
+
+	/**
+	 * Close file descriptors 3 and above in the child after forking
+	 * but before exec.  This prevents the child from inheriting
+	 * pipe endpoints or other descriptors from the parent
+	 * environment (e.g., the test harness).
+	 */
+	unsigned close_fd_above_stderr:1;
+
 	void (*clean_on_exit_handler)(struct child_process *process);
 };
 
-- 
gitgitgadget


  parent reply	other threads:[~2026-03-05  6:55 UTC|newest]

Thread overview: 129+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-12-30  8:14 [PATCH] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2025-12-30 11:38 ` Junio C Hamano
2025-12-30 12:08 ` [PATCH v2] " Paul Tarjan via GitGitGadget
2025-12-30 12:55   ` [PATCH v3] " Paul Tarjan via GitGitGadget
2025-12-31 17:41     ` [PATCH v4] " Paul Tarjan via GitGitGadget
2026-01-05 12:07       ` Patrick Steinhardt
2026-02-20 22:18         ` Junio C Hamano
2026-02-21 16:15           ` Paul Tarjan
2026-02-21 17:07             ` Junio C Hamano
2026-02-23  6:34               ` Patrick Steinhardt
2026-02-23 15:42                 ` Junio C Hamano
2026-02-23 15:46                   ` Patrick Steinhardt
2026-02-24  1:34                     ` Paul Tarjan
2026-02-24  8:03                       ` Patrick Steinhardt
2026-02-24  1:31       ` [PATCH v5] " Paul Tarjan via GitGitGadget
2026-02-24  8:03         ` Patrick Steinhardt
2026-02-25 20:17         ` [PATCH v6 00/10] " Paul Tarjan via GitGitGadget
2026-02-25 20:17           ` [PATCH v6 01/10] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-02-25 21:01             ` Junio C Hamano
2026-02-25 20:17           ` [PATCH v6 02/10] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-02-25 20:17           ` [PATCH v6 03/10] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-02-25 20:17           ` [PATCH v6 04/10] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-02-25 21:13             ` Junio C Hamano
2026-02-27  6:31               ` Paul Tarjan
2026-02-27 16:44                 ` Junio C Hamano
2026-02-28  0:28                   ` Paul Tarjan
2026-02-25 21:17             ` Junio C Hamano
2026-02-27  6:31               ` Paul Tarjan
2026-02-25 20:17           ` [PATCH v6 05/10] fsmonitor: deduplicate IPC path logic for Unix platforms Paul Tarjan via GitGitGadget
2026-02-25 21:30             ` Junio C Hamano
2026-02-27  6:31               ` Paul Tarjan
2026-02-25 20:17           ` [PATCH v6 06/10] fsmonitor: deduplicate settings " Paul Tarjan via GitGitGadget
2026-02-25 21:31             ` Junio C Hamano
2026-02-27  6:31               ` Paul Tarjan
2026-02-25 20:17           ` [PATCH v6 07/10] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-02-25 20:17           ` [PATCH v6 08/10] fsmonitor: add tests " Paul Tarjan via GitGitGadget
2026-02-25 20:17           ` [PATCH v6 09/10] run-command: add close_fd_above_stderr option Paul Tarjan via GitGitGadget
2026-02-25 21:41             ` Junio C Hamano
2026-02-25 20:17           ` [PATCH v6 10/10] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-02-26  0:27           ` [PATCH v7 00/10] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-02-26  0:27             ` [PATCH v7 01/10] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-03-04  7:42               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 02/10] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-03-04  7:42               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 03/10] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-03-04  7:42               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 04/10] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-03-04  7:42               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 05/10] fsmonitor: deduplicate IPC path logic for Unix platforms Paul Tarjan via GitGitGadget
2026-03-04  7:42               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 06/10] fsmonitor: deduplicate settings " Paul Tarjan via GitGitGadget
2026-03-04  7:43               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 07/10] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-04  7:43               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 08/10] fsmonitor: add tests " Paul Tarjan via GitGitGadget
2026-03-04  7:43               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26  0:27             ` [PATCH v7 09/10] run-command: add close_fd_above_stderr option Paul Tarjan via GitGitGadget
2026-02-26  0:27             ` [PATCH v7 10/10] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-03-04  7:43               ` Patrick Steinhardt
2026-03-04 18:17                 ` Paul Tarjan
2026-02-26 15:34             ` [PATCH v7 00/10] fsmonitor: implement filesystem change listener for Linux Junio C Hamano
2026-03-04 18:15             ` [PATCH v8 00/12] " Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 01/12] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 02/12] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 03/12] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 04/12] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 05/12] fsmonitor: rename fsm-ipc-darwin.c to fsm-ipc-unix.c Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 06/12] fsmonitor: rename fsm-settings-darwin.c to fsm-settings-unix.c Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 07/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 08/12] run-command: add close_fd_above_stderr option Paul Tarjan via GitGitGadget
2026-03-04 20:51                 ` Junio C Hamano
2026-03-05  0:49                   ` [PATCH v8 09/12] " Paul Tarjan
2026-03-05  4:13                     ` Junio C Hamano
2026-03-05  6:38                       ` [PATCH v9 09/12] run-command: add pre-exec callback for child processes Paul Tarjan
2026-03-04 18:15               ` [PATCH v8 09/12] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 10/12] fsmonitor: add timeout to daemon stop command Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 11/12] fsmonitor: add tests for Linux Paul Tarjan via GitGitGadget
2026-03-04 18:15               ` [PATCH v8 12/12] fsmonitor: convert shown khash to strset in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  0:51               ` [PATCH v9 00/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 01/12] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 02/12] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 03/12] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 04/12] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 05/12] fsmonitor: rename fsm-ipc-darwin.c to fsm-ipc-unix.c Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 06/12] fsmonitor: rename fsm-settings-darwin.c to fsm-settings-unix.c Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 07/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 08/12] run-command: add pre-exec callback for child processes Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 09/12] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 10/12] fsmonitor: add timeout to daemon stop command Paul Tarjan via GitGitGadget
2026-03-05  0:51                 ` [PATCH v9 11/12] fsmonitor: add tests for Linux Paul Tarjan via GitGitGadget
2026-03-05  0:52                 ` [PATCH v9 12/12] fsmonitor: convert shown khash to strset in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  1:16                 ` [PATCH v10 00/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 01/12] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 02/12] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 03/12] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 04/12] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 05/12] fsmonitor: rename fsm-ipc-darwin.c to fsm-ipc-unix.c Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 06/12] fsmonitor: rename fsm-settings-darwin.c to fsm-settings-unix.c Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 07/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 08/12] run-command: add pre-exec callback for child processes Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 09/12] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 10/12] fsmonitor: add timeout to daemon stop command Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 11/12] fsmonitor: add tests for Linux Paul Tarjan via GitGitGadget
2026-03-05  1:16                   ` [PATCH v10 12/12] fsmonitor: convert shown khash to strset in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  6:55                   ` [PATCH v11 00/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 01/12] fsmonitor: fix khash memory leak in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 02/12] fsmonitor: fix hashmap memory leak in fsmonitor_run_daemon Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 03/12] compat/win32: add pthread_cond_timedwait Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 04/12] fsmonitor: use pthread_cond_timedwait for cookie wait Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 05/12] fsmonitor: rename fsm-ipc-darwin.c to fsm-ipc-unix.c Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 06/12] fsmonitor: rename fsm-settings-darwin.c to fsm-settings-unix.c Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 07/12] fsmonitor: implement filesystem change listener for Linux Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` Paul Tarjan via GitGitGadget [this message]
2026-03-05  6:55                     ` [PATCH v11 09/12] fsmonitor: close inherited file descriptors and detach in daemon Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 10/12] fsmonitor: add timeout to daemon stop command Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 11/12] fsmonitor: add tests for Linux Paul Tarjan via GitGitGadget
2026-03-05  6:55                     ` [PATCH v11 12/12] fsmonitor: convert shown khash to strset in do_handle_client Paul Tarjan via GitGitGadget
2026-03-05  7:37                     ` [PATCH v11 00/12] fsmonitor: implement filesystem change listener for Linux Patrick Steinhardt
2026-03-05 14:15                       ` Paul Tarjan
2026-03-25 20:00                       ` Junio C Hamano
2025-12-30 15:37   ` [PATCH v2] " Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=50f5b4676e531c944ea40eaad265b14c2467a808.1772693712.git.gitgitgadget@gmail.com \
    --to=gitgitgadget@gmail.com \
    --cc=git@vger.kernel.org \
    --cc=github@paulisageek.com \
    --cc=paul@paultarjan.com \
    --cc=ps@pks.im \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox