Re: [PATCH] sort, split, yes: ensure pipe and pipe2 don't open standard descriptors

Wed, 18 Mar 2026 19:24:37 -0700 

Collin Funk <[email protected]> writes:

> Pádraig Brady <[email protected]> writes:
>
>> On 18/03/2026 06:09, Collin Funk wrote:
>>> I noticed that 'yes' did not use pipe2_safer to check that the file
>>> descriptors aren't any of the standard file descriptors. This fixes
>>> that and some similar cases in other programs.
>>> Is it worth a NEWS mention? I assume that it is difficult to reach a
>>> point where pipe or pipe2 would open a standard file descriptor in
>>> these areas, give that this hasn't been reported as a bug.
>>
>> Oh very good spot.
>>
>> I did check yes(1) with closed stdout,
>> with and without the initial probing write().
>> But it's best avoid these variances.
>>
>> I see we have sc_require_{stdio,stdlib}_safer in cfg.mk.
>> We probably should have a unistd variant also.
>
> This patch did add that. :)
>
> I pushed it. Thanks for the review.

Shouldn't the same go for fcntl--.h for open, openat, and creat?

Here is the proposed rule:

diff --git a/cfg.mk b/cfg.mk
index aa2c86e23..22d0d1f2d 100644
--- a/cfg.mk
+++ b/cfg.mk
@@ -579,6 +579,19 @@ sc_prohibit_short_facl_mode_spec:
        halt='setfacl mode string length < 3; extend with hyphen(s)'    \
          $(_sc_search_regexp)
 
+# Ensure that "fcntl--.h" is used where appropriate.
+sc_require_fcntl_safer:
+       @if $(VC_LIST_EXCEPT) | grep -l '\.[ch]$$' > /dev/null; then    \
+         files=$$(grep -El '$(begword)(open(at)?|creat) ?\('           \
+                  $$($(VC_LIST_EXCEPT)                                 \
+             | grep '\.[ch]$$'));                                      \
+         test -n "$$files" && grep -LE 'include "fcntl--.h"' $$files   \
+             | grep . &&                                               \
+         { echo '$(ME): the above files should use "fcntl--.h"'        \
+               1>&2; exit 1; } || :;                                   \
+       else :;                                                         \
+       fi
+
 # Ensure that "stdio--.h" is used where appropriate.
 sc_require_stdio_safer:
        @if $(VC_LIST_EXCEPT) | grep -l '\.[ch]$$' > /dev/null; then    \

And the list of files it catches:

    require_fcntl_safer
    gl/lib/fd-reopen.c
    gl/lib/targetdir.c
    src/cat.c
    src/chown-core.c
    src/df.c
    src/head.c
    src/install.c
    src/nohup.c
    src/pinky.c
    src/pr.c
    src/selinux.c
    src/sort.c
    src/sync.c
    src/system.h
    src/tac.c
    src/truncate.c
    src/wc.c
    src/who.c
    maint.mk: the above files should use "fcntl--.h"
    make: *** [cfg.mk:584: sc_require_fcntl_safer] Error 1

Collin

Reply via email to