authorKaren Arutyunov <karen@codesynthesis.com>2017-03-18 00:55:59 +0300
committerKaren Arutyunov <karen@codesynthesis.com>2017-03-20 17:24:38 +0300
commitaa5ce03b40003ee8f7cfff4d2f1285b405f5906a (patch)
tree29d4131e644554e2dbe38c1ed84e4847467ff5b7 /butl/fdstream
parentd13eb80e2f4114a97c523a7273d7de4c587dd22a (diff)
Fix file descriptors leakage to child process on Windows
Diffstat (limited to 'butl/fdstream')
-rw-r--r--butl/fdstream21
1 files changed, 16 insertions, 5 deletions
diff --git a/butl/fdstream b/butl/fdstream
index 8d6385f..6697dd9 100644
--- a/butl/fdstream
+++ b/butl/fdstream
@@ -487,7 +487,9 @@ namespace butl
// Windows permissions other than ru and wu are unlikelly to have effect.
//
// Also note that on POSIX the FD_CLOEXEC flag is set for the file descriptor
- // to prevent its leakage into child processes.
+ // to prevent its leakage into child processes. On Windows, for the same
+ // purpose, the _O_NOINHERIT flag is set. Note that the process class, that
+ // passes such a descriptor to the child, makes it inheritable for a while.
//
LIBBUTL_EXPORT auto_fd
fdopen (const char*,
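Review bot: The added sentence that the process class "makes it inheritable for a while" leaves the exposure window unqualified. While the descriptor is inheritable, a child started from another thread could still pick it up unless that spawn is serialised with this one. If the implementation holds a lock across that window (not visible in this hunk), the header should say so, e.g. `// The descriptor is only inheritable while process spawning is serialized, so no other child can inherit it.` The fdopen() declaration continues past the end of the hunk.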
@@ -516,9 +518,16 @@ namespace butl
// Note that on POSIX the FD_CLOEXEC flag is set for the new descriptor if it
// is present for the source one. That's in contrast to POSIX dup() that
// doesn't copy file descriptor flags. Also note that duplicating descriptor
- // and setting the flag is not an atomic operation.
+ // and setting the flag is not an atomic operation generally, but it is in
+ // regards to child process spawning (to prevent file descriptor leakage into
+ // a child process).
//
- // @@ Should we copy HANDLE_FLAG_INHERIT flag on Windows as well?
+ // Note that on Windows the _O_NOINHERIT flag is set for the new descriptor
+ // if it is present for the source one. That's in contrast to Windows _dup()
+ // that doesn't copy the flag. Also note that duplicating descriptor and
+ // setting the flag is not an atomic operation generally, but it is in
+ // regards to child process spawning (to prevent file descriptor leakage into
+ // a child process).
//
LIBBUTL_EXPORT auto_fd
fddup (int fd);
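Review bot: The claim that duplicating and setting the flag is atomic "in regards to child process spawning" does not state its scope, and the same wording is used for fdopen_pipe() in the next hunk. Presumably the guarantee rests on synchronisation with the process class, in which case it cannot cover children created by other means in the same program, such as system(), a direct CreateProcess() call or a fork() inside a third-party library. The comment should say so, e.g. `// This guarantee only holds for children spawned via the process class.` The atomicity sentence is also repeated verbatim in the POSIX and Windows paragraphs here and could be stated once for both platforms.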
@@ -608,8 +617,10 @@ namespace butl
// automatically closed by the child process to prevent undesired behaviors
// (such as child deadlock on read from a pipe due to the write-end leakage
// into the child process). Opening pipe and setting the flag is not an
- // atomic operation. Also note that you don't need to reset the flag for a
- // pipe end being passed to the process class ctor.
+ // atomic operation generally, but it is in regards to child process spawning
+ // (to prevent file descriptor leakage into child processes spawned from
+ // other threads). Also note that you don't need to reset the flag for a pipe
+ // end being passed to the process class ctor.
//
LIBBUTL_EXPORT fdpipe
fdopen_pipe (fdopen_mode = fdopen_mode::none);