git.vger.kernel.org archive mirror
From: Karl Chen <quarl@cs.berkeley.edu>
To: Junio C Hamano <gitster@pobox.com>
Cc: Paolo Bonzini <bonzini@gnu.org>,
	Johannes Sixt <j.sixt@viscovery.net>,
	Git mailing list <git@vger.kernel.org>
Subject: Re: [PATCH] be paranoid about closed stdin/stdout/stderr
Date: Tue, 26 Aug 2008 20:05:35 -0700
Message-ID: <quack.20080826T2005.lthzlmz2m4g@roar.cs.berkeley.edu>
In-Reply-To: <7v3akr2xa3.fsf@gitster.siamese.dyndns.org> (Junio C. Hamano's message of "Tue\, 26 Aug 2008 16\:04\:36 -0700")

>>>>> On 2008-08-26 16:04 PDT, Junio C Hamano writes:

    Junio> I think

    Junio> 	$ git fetch 0<&-

    Junio> from the command line is a mere user stupidity.

    Junio> On the other hand, if a cron/at job that contains "git
    Junio> fetch" is launched in an environment with fd#0 (or #1
    Junio> or #2 for that matter) closed, it would certainly be
    Junio> problematic.  It can easily be worked around by
    Junio> redirecting file descriptors appropriately in the
    Junio> script that is launched, though.

I agree command-line 'git fetch 0<&-' is silly.  The example I
gave was minimized to show the symptom.  I ran across this with a
more complicated cron-ish setup that closes stdin.  I actually had
to look up the shell syntax for closing file descriptors.

Yes, I can work around this issue with sh -c 'git fetch
0</dev/null', and maybe it shouldn't close(0) in the first place.
But I don't see the harm in being safe.  It's one less potential
surprise for users.  This is the first program I've encountered
that broke due to stdin being closed, and it took debugging to
figure out that was the reason.

Re security, it's actually a good idea to be safe early on if it
could ever become an issue.  I keep /etc on my systems in version
control, and I've worked in production environments where some
users have access only via version control commands.
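
The failure mode discussed in this thread, as an added C example that is not part of the original message and is not git's code: with fd 0 closed, pipe() hands out 0 as the read end, and the usual "make the read end my stdin" idiom then closes stdin. The names sanitize_stdio_fds and stdin_survives_redirect are hypothetical, and the /dev/null guard is a generic defensive pattern assumed here, not taken from the patch.

```c
/* Added example, not git's code: what a closed stdin does to pipe() users. */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Occupy fds 0-2 with /dev/null if any of them is closed. 0 on success. */
int sanitize_stdio_fds(void)
{
    int fd = open("/dev/null", O_RDWR);
    while (fd >= 0 && fd <= 2)      /* landed in a stdio slot: keep it, retry */
        fd = open("/dev/null", O_RDWR);
    if (fd < 0)
        return -1;
    close(fd);                      /* the first fd above 2 is not needed */
    return 0;
}

/*
 * Fork a child that starts with stdin closed, creates a pipe and applies the
 * common redirect idiom. Returns 1 if fd 0 is still open afterwards, 0 if
 * the idiom closed it, -1 on error.
 */
int stdin_survives_redirect(int sanitize)
{
    int status, p[2];
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(0);                               /* same effect as: cmd 0<&- */
        if (sanitize && sanitize_stdio_fds() < 0)
            _exit(2);
        if (pipe(p) < 0)
            _exit(2);
        /* Unsanitized, p[0] == 0: dup2() is a no-op and close() drops stdin. */
        dup2(p[0], 0);
        close(p[0]);
        _exit(fcntl(0, F_GETFD) != -1 ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    /* Exit status 0 when stdin is lost without the guard and kept with it. */
    return !(stdin_survives_redirect(0) == 0 && stdin_survives_redirect(1) == 1);
}
```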
