[compiler-rt] r370121 - [sanitizer_common] Close superfluous file descriptors in spawned process

[Julian Lettner via llvm-commits]

Author: yln
Date: Tue Aug 27 15:12:26 2019
New Revision: 370121

URL: http://llvm.org/viewvc/llvm-project?rev=370121&view=rev
Log:
[sanitizer_common] Close superfluous file descriptors in spawned process

Use attribute flag `POSIX_SPAWN_CLOEXEC_DEFAULT` in the call to
`posix_spawn`.

If this flag is set, then only file descriptors explicitly described by
the file_actions argument are available in the spawned process; all of
the other file descriptors are automatically closed in the spawned
process.

POSIX_SPAWN_CLOEXEC_DEFAULT is an Apple-specific extension.

Modified:
    compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cpp

Modified: compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cpp
URL: http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cpp?rev=370121&r1=370120&r2=370121&view=diff
==============================================================================
--- compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cpp (original)
+++ compiler-rt/trunk/lib/sanitizer_common/sanitizer_mac.cpp Tue Aug 27 15:12:26 2019
@@ -268,20 +268,38 @@ static fd_t internal_spawn_impl(const ch
   slave_fd = internal_open(slave_pty_name, O_RDWR);
   if (slave_fd == kInvalidFd) return kInvalidFd;
 
+  // File descriptor actions
   posix_spawn_file_actions_t acts;
   res = posix_spawn_file_actions_init(&acts);
   if (res != 0) return kInvalidFd;
 
-  auto fa_cleanup = at_scope_exit([&] {
+  auto acts_cleanup = at_scope_exit([&] {
     posix_spawn_file_actions_destroy(&acts);
   });
 
-  char **env = GetEnviron();
   res = posix_spawn_file_actions_adddup2(&acts, slave_fd, STDIN_FILENO) ||
         posix_spawn_file_actions_adddup2(&acts, slave_fd, STDOUT_FILENO) ||
-        posix_spawn_file_actions_addclose(&acts, slave_fd) ||
-        posix_spawn_file_actions_addclose(&acts, master_fd) ||
-        posix_spawn(pid, argv[0], &acts, NULL, const_cast<char **>(argv), env);
+        posix_spawn_file_actions_addclose(&acts, slave_fd);
+  if (res != 0) return kInvalidFd;
+
+  // Spawn attributes
+  posix_spawnattr_t attrs;
+  res = posix_spawnattr_init(&attrs);
+  if (res != 0) return kInvalidFd;
+
+  auto attrs_cleanup  = at_scope_exit([&] {
+    posix_spawnattr_destroy(&attrs);
+  });
+
+  // In the spawned process, close all file descriptors that are not explicitly
+  // described by the file actions object. This is Darwin-specific extension.
+  res = posix_spawnattr_setflags(&attrs, POSIX_SPAWN_CLOEXEC_DEFAULT);
+  if (res != 0) return kInvalidFd;
+
+  // posix_spawn
+  char **argv_casted = const_cast<char **>(argv);
+  char **env = GetEnviron();
+  res = posix_spawn(pid, argv[0], &acts, &attrs, argv_casted, env);
   if (res != 0) return kInvalidFd;
 
   // Disable echo in the new terminal, disable CR.