[gnutls-devel] GnuTLS | GnuTLS leaks file descriptors in child processes (#985)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Fri May 8 18:03:39 CEST 2020

Remi Denis-Courmont commented:

I doubt that. Normally you need the flag to be set atomically in multi-thread context. That's the whole point of using *_CLOEXEC flags.

Otherwise there is a race if a thread calls `fork()` between the `fopen()` and the `set_close_exec()` flag. `fork()` copies the flag at the time of forking.

For instance:

* Thread A calls `gnutls_handshake()`... which opens the master key log file wit `fopen()`.
  * This creates a new file descriptor (without close-on-exec flag).
* Thread B calls `fork()` from application code.
  * The file descriptor is copied into the child process (also without the close-on-exec flag).
* Thread A calls `set_cloese_exec()` (or directly `fcntl()`).
  * This sets the flag on the parent process FD, but not the child process FD.
* Child process calls `execv()` oblivious to the FD. The master key log FD is leaked to the child process.

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/985#note_339180992
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20200508/de120fb4/attachment.html>

More information about the Gnutls-devel mailing list