On Tue, 25 Aug 2009, Eric Blake wrote: > Another solution is for the application to sanitize all newly-created > fds: GNU coreutils provides a wrapper open_safer, which does nothing > extra in the common case that open() returned 3 or larger, but calls > fcntl(n,F_DUPFD,3)/close(n) before returning if n was less than 3. > However, this leads to triple the syscall cost for every open() call > if the process starts life with a std fd closed; and if O_CLOEXEC is > not used, still leaves a window of time where the fd can be leaked > through another thread's use of fork/exec.
I think we can say that the vast majority of the software is not going to notice the proposed open_safer(), performance-wise, since the first three fds are always filled. So IMO the performance impact argument is a weak one. If CLOEXEC semantics are needed in the open operation, F_DUPFD_CLOEXEC can be used to match it. While the patch is simple, IMO this is something that can be easily taken care in glibc layers w/out huge drawbacks. - Davide
