plash
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Plash] Question about file descriptors

From: Mark Seaborn
Subject: Re: [Plash] Question about file descriptors
Date: Sat, 28 Feb 2009 18:16:39 +0000 (GMT) 
Thomas Leonard <address@hidden> wrote:

> I'm trying to pass a file descriptor to a process running under
> pola-run, but it doesn't seem to work:
> 
> $ python -c 'import os; print os.read(5, 100)' 5< /etc/hosts
> 127.0.0.1       localhost
> 
> $ pola-run -f / -e python -c 'import os; print os.read(5, 100)' 5< /etc/hosts
> OSError: [Errno 9] Bad file descriptor

Try adding "--fd 5".  FDs are not passed on by pola-run by default
because POSIX interfaces make it too easy to do so accidentally.
This works:

pola-run -f / --fd 5 -e python -c 'import os; print os.read(5, 100)' 5< 
/etc/hosts


> Strangely, though, this works:
> 
> $ python -c 'import os; print file("/proc/self/fd/5").read()' 5< /etc/hosts
> 127.0.0.1       localhost

If you grant /proc/self/fd (either explicitly with "-f /proc/self/fd"
or implicitly with "-f /"), when the sandboxed process opens
/proc/self/fd/N it will actually be getting fd N from pola-run's FD
table, not from its own FD table.  So granting /proc/self/fd can be
hazardous.

Implementing /proc/self/fd is problematic for Plash.  See:
http://www.eros-os.org/pipermail/cap-talk/2008-July/011124.html
http://www.eros-os.org/pipermail/cap-talk/2008-July/011127.html


> It works if I use FD 0 rather than 5, too.

Yes, stdin, stdout and stderr are passed implicitly (but they are
proxied, because tty FDs cannot be shared safely).


> I see _set_up_fds() calls close() a lot. Is this necessary?

If you want to close all FDs by default, yes, because other than
/proc/self/fd (which we can't use) there is no way to find out what
FDs are open.  Linux lacks the closefrom() syscall that some BSD
kernels have.

Mark
reply via email to
[Prev in Thread] Current Thread [Next in Thread]