[Xapian-tickets] [Xapian] #651: Protect writable fds by setting filepos very high

Xapian nobody at xapian.org
Tue Apr 10 22:47:44 BST 2018


#651: Protect writable fds by setting filepos very high
---------------------------+-----------------------------
 Reporter:  olly           |             Owner:  olly
     Type:  enhancement    |            Status:  assigned
 Priority:  normal         |         Milestone:  1.5.0
Component:  Backend-Glass  |           Version:
 Severity:  normal         |        Resolution:
 Keywords:                 |        Blocked By:
 Blocking:                 |  Operating System:  All
---------------------------+-----------------------------
Description changed by olly:

Old description:

> I noticed that sqlite has SQLITE_MINIMUM_FILE_DESCRIPTOR and by default
> avoids using fds less than 3 in case something else in the same process
> tries to write to them, thinking output is going to stdout or stderr
> (e.g. a call to {{{write(2, ...)}}}):
>
> http://sqlite.org/compile.html#minimum_file_descriptor
>
> Elsewhere I read that this was apparently added in response to actual
> database corruption from such situations (I bet that was a pain to
> debug!)
>
> I think Xapian should definitely avoid at least fds 1 and 2 for writable
> handles, probably avoid fd 0 for reading, and perhaps just avoid anything
> < 3 for read or write like sqlite seems to.
>
> I'll note we already have special case code to handle the lock file being
> opened as a low fd on Unix, where we fork a child process and want to
> hook up its stdin and stdout to the parent.
>
> Marking for brass initially, but we should do this for all backends.
>
> http://qwikfix.co.uk/hmrc-contact-number/

New description:

 I noticed that sqlite has SQLITE_MINIMUM_FILE_DESCRIPTOR and by default
 avoids using fds less than 3 in case something else in the same process
 tries to write to them, thinking output is going to stdout or stderr (e.g.
 a call to {{{write(2, ...)}}}):

 http://sqlite.org/compile.html#minimum_file_descriptor

 Elsewhere I read that this was apparently added in response to actual
 database corruption from such situations (I bet that was a pain to debug!)

 I think Xapian should definitely avoid at least fds 1 and 2 for writable
 handles, probably avoid fd 0 for reading, and perhaps just avoid anything
 < 3 for read or write like sqlite seems to.

 I'll note we already have special case code to handle the lock file being
 opened as a low fd on Unix, where we fork a child process and want to hook
 up its stdin and stdout to the parent.

 Marking for brass initially, but we should do this for all backends.

--

--
Ticket URL: <https://trac.xapian.org/ticket/651#comment:16>
Xapian <https://xapian.org/>
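
The fd handling proposed in this ticket, as an added example that is not Xapian's or SQLite's own code: a wrapper that moves any handle which lands on fd 0, 1 or 2 up to fd 3 or higher, so that a stray write(2, ...) elsewhere in the process cannot reach the database file. The names open_min_fd, MIN_FD and demo_with_stderr_closed are hypothetical, and the temporary file is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MIN_FD 3 /* hypothetical name; 3 keeps clear of stdin/stdout/stderr */

/* Hypothetical open() wrapper: never returns fd 0, 1 or 2; -1 + errno on error. */
int open_min_fd(const char *path, int flags, mode_t mode)
{
    int fd = open(path, flags | O_CLOEXEC, mode);
    if (fd < 0 || fd >= MIN_FD)
        return fd;
    /* A stdio slot was free and open() took it: move the handle to the
     * lowest free fd >= MIN_FD, then release the low one. */
    int high = fcntl(fd, F_DUPFD_CLOEXEC, MIN_FD);
    int saved_errno = errno;
    close(fd);
    errno = saved_errno;
    return high;
}

/* Constructed scenario: stderr is closed, so a plain open() would return a
 * fd below 3. Returns the fd obtained, or -1 if anything went wrong. */
int demo_with_stderr_closed(void)
{
    char path[] = "/tmp/lowfd-demo-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    close(tmp);
    int parked = fcntl(2, F_DUPFD_CLOEXEC, MIN_FD); /* keep stderr aside */
    close(2);
    int fd = open_min_fd(path, O_WRONLY, 0);
    /* The stray write the ticket worries about: with fd 2 left unused it
     * fails with EBADF instead of landing in our file. */
    ssize_t stray = write(2, "oops\n", 5);
    if (parked >= 0) { dup2(parked, 2); close(parked); }
    unlink(path);
    if (stray != -1 && fd >= 0) { close(fd); fd = -1; }
    return fd;
}

int main(void)
{
    printf("writable handle opened on fd %d\n", demo_with_stderr_closed());
    return 0;
}
```

The wrapper only protects handles opened through it; a descriptor inherited from a parent process or opened by another library can still occupy a stdio slot.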