'spawn' closes only open file descriptors on non-GNU/Linux systems.

Fixes <https://bugs.gnu.org/61095>. Reported by Omar Polo <op@omarpolo.com>. * libguile/posix.c (close_inherited_fds_slow): On systems other than GNU/Linux, call 'addclose' only when 'fcntl' succeeds on MAX_FD. * NEWS: Update.
2025-06-30 06:50:31 +02:00 · 2023-03-28 23:35:35 +02:00 · 2023-03-28 23:35:35 +02:00 · 21ad54b694
commit 21ad54b694
parent e334e59589
2 changed files with 21 additions and 2 deletions
--- a/4
+++ b/4
@ -24,7 +24,9 @@ the compiler reports it as "possibly unused".
 * Bug fixes

 ** (ice-9 suspendable-ports) incorrect UTF-8 decoding
-   (https://bugs.gnu.org/62290)
+   (<https://bugs.gnu.org/62290>)
+** Fix invalid use of 'posix_spawn' on non-glibc systems
+   (<https://bugs.gnu.org/61095>)
 ** Hashing of UTF-8 symbols with non-ASCII characters avoids corruption
   (<https://bugs.gnu.org/56413>)

--- a/libguile/posix.c
+++ b/libguile/posix.c
@ -1326,7 +1326,24 @@ static void
 close_inherited_fds_slow (posix_spawn_file_actions_t *actions, int max_fd)
 {
  while (--max_fd > 2)
+    {
+      /* Adding a 'close' action for a file descriptor that is not open
+         causes 'posix_spawn' to fail on GNU/Hurd and on OpenBSD, but
+         not on GNU/Linux: <https://bugs.gnu.org/61095>.  Hence this
+         strategy:
+
+           - On GNU/Linux, close every FD, since that's the only
+             race-free way to make sure the child doesn't inherit one.
+           - On other systems, only close FDs currently open in the
+             parent; it works, but it's racy (XXX).
+
+         The only reliable option is 'addclosefrom'.  */
+#if ! (defined __GLIBC__ && defined __linux__)
+      int flags = fcntl (max_fd, F_GETFD, NULL);
+      if (flags >= 0)
+#endif
        posix_spawn_file_actions_addclose (actions, max_fd);
+    }
 }

 static void