apr-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucian Adrian Grijincu" <lucian.griji...@gmail.com>
Subject Re: To O_CLOEXEC or not?
Date Tue, 05 Aug 2008 11:40:25 GMT
On Tue, Aug 5, 2008 at 04:52, Bojan Smojver <bojan@rexursive.com> wrote:
> After reading this article on LWN: http://lwn.net/Articles/292559/, it
> occurred to me that it may be useful to pass this flag to open in
> apr_file_open() on platforms that support it, in case someone decides to
> fork()/execve() by non-APR means.

A project I worked on a while back supported external third party
plug-ins. Those plug-ins could, at any point decide to
fork()/execve(). I'm pretty sure this wasn't the only project of this
kind that used APR (do you know what the binary dbd's you link APR to
do?)

> Of course, apr_file_inherit_[un]set() would have to be modified
> accordingly.
>
> Comments?
By all means, the more default security measures are added, the better.
However this would imply a jump to APR 2.x and a considerable effort
for APR users.

-- 
Lucian

Mime
View raw message