GNU bug report logs - #78757
shepherd: dangling file descriptor to /dev/console

Previous Next

Package: guix;

Reported by: burban <at> opopop.net

Date: Wed, 11 Jun 2025 14:55:02 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 78757-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: burban <at> opopop.net
Cc: 78757-done <at> debbugs.gnu.org
Subject: Re: bug#78757: shepherd: dangling file descriptor to /dev/console
Date: Mon, 16 Jun 2025 15:35:19 +0200

Hi,

burban <at> opopop.net writes:

>> ‘shepherd’ marks all previously-opened FDs as O_CLOEXEC upfront—see
>> ‘mark-as-close-on-exec’ in ‘shepherd.scm’.  Those opened later are
>> opened with O_CLOEXEC, except for user code that explicitly omits the
>> O_CLOEXEC flag.
>
> Hmmm.... I have at one point (before the above (port-for-each ...)
>
> (define *s* (open-output-file "/proc/self/fd/1"))
>
> to have an early log output to (on ordinary PC) /dev/tty1. But maybe /dev/tty1
> is a synonym for /dev/console. Let's test that:
>
> (fileno *s*) returns 19 indeed! Now all I have to do is (fcntl *s*
> F_SETFD FD_CLOEXEC) after creating *s*.

Ah yes, it’s easy to shot oneself in the foot.  ;-)

To reduce the risks, ‘shepherd’ replaces ‘call-with-input-file’ and
‘call-with-output-file’ with O_CLOEXEC variants (commit
47c693d51a991e9a3d5ed6e75760c61e329cc537) because it wouldn’t make much
sense to not have O_CLOEXEC for these.  However, the other procedures
are left unchanged because users might need it.

> So you can close that ticket.

Thanks,
Ludo’.
This bug report was last modified 29 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.