Message416986
After #40422 _Py_closerange() assumes that close_range() closes all file descriptors even if it returns an error (other than ENOSYS):
if (close_range(first, last, 0) == 0 || errno != ENOSYS) {
/* Any errors encountered while closing file descriptors are ignored;
* ENOSYS means no kernel support, though,
* so we'll fallback to the other methods. */
}
else
/* fallbacks */
This assumption can be wrong on Linux if a seccomp sandbox denies the underlying syscall, pretending that it returns EPERM or EACCES. In this case _Py_closerange() won't close any descriptors at all, which in the worst case can be a security issue.
I propose to fix this by falling back to other methods in case of *any* close_range() error. Note that fallbacks will not be triggered on any problems with closing individual file descriptors because close_range() is documented to ignore such errors on both Linux[1] and FreeBSD[2].
[1] https://man7.org/linux/man-pages/man2/close_range.2.html
[2] https://www.freebsd.org/cgi/man.cgi?query=close_range&sektion=2 |
|
Date |
User |
Action |
Args |
2022-04-08 14:29:30 | izbyshev | set | recipients:
+ izbyshev, gregory.p.smith, kevans, kevans91 |
2022-04-08 14:29:30 | izbyshev | set | messageid: <1649428170.19.0.996694042165.issue47260@roundup.psfhosted.org> |
2022-04-08 14:29:30 | izbyshev | link | issue47260 messages |
2022-04-08 14:29:29 | izbyshev | create | |
|