| Commit message | Author | Age | Files | Lines |
| |
* make tests/stdlib tests joinable
* fixup
| |
* tfdleak_multiple: introduce stress tester for tfdleak
Imported from #14548 and tweaked for consumption by testament.
This test seems to be really good at bringing out the flakiness of
tfdleak.
Co-authored-by: Timothee Cour <timothee.cour2@gmail.com>
* tfdleak: increase accuracy of the test on Windows
This commit implements a new testing strategy for Windows:
1. We duplicate the handle that will be tested and enable inheritance.
This duplicate will serve as a reference handle.
2. In addition to checking whether the handle is valid, we also verify
whether the handle is the same as the reference. This gives us
complete certainty on whether the handle in question is inherited
from the parent.
A side effect is that this uses Windows 10+ APIs. But since
this is just for the test, we don't have to be picky about it.
Ideally we would want to do something like this for other POSIX-based
systems, but most of them lack a facility to do this, and as of writing
there isn't any false positive for them, so we won't need the additional
checks.
MemFile.fHandle will also no longer be tested, as this handle defaults
to being invalid.
Co-authored-by: Timothee Cour <timothee.cour2@gmail.com>
| |
* asyncdispatch, asyncnet: add inheritance control
* asyncnet, asyncdispatch: cleanup
|
* io: make file descriptors non-inheritable by default
This prevents file descriptors/handles leakage to child processes
that might cause issues like running out of file descriptors, or potential
security issues like leaking a file descriptor to a restricted file.
While this breaks backward compatibility, I'm rather certain that not
many programs (if any) actually make use of this implementation detail.
A new API `setInheritable` is provided for the few that actually want to
use this functionality.
* io: disable inheritance at file creation time for supported platforms
Some platforms provide extensions to the fopen-family of functions to allow
for disabling descriptor inheritance atomically during File creation.
This guards against possible leaks when a child process is spawned
before we managed to disable the file descriptor inheritance
(i.e. in a multi-threaded program).
* net, nativesockets: make sockets non-inheritable by default
With this commit, sockets will no longer leak to child processes when
you don't want it to. Should solve a lot of "address in use" errors that might
occur when your server has just restarted.
All APIs that create sockets in these modules now expose an `inheritable`
flag that allows users to toggle inheritance for the resulting sockets.
An implementation of `setInheritance()` is also provided for SocketHandle.
While atomically disabling inheritance at creation time is supported on
Windows, it's only implemented by native winsock2, which is too much for
now. This support can be implemented in a future patch.
* posix: add F_DUPFD_CLOEXEC
This command duplicates a file descriptor with the close-on-exec flag set.
Defined in POSIX.1-2008.
* ioselectors_kqueue: don't leak file descriptors
File descriptors internally used by ioselectors on BSD/OSX are now
shielded from leakage.
* posix: add O_CLOEXEC
This flag allows file descriptors to be open() with the close-on-exec flag
set atomically.
This flag is specified in POSIX.1-2008.
* tfdleak: test for selectors leakage
Also simplified the test by using handle-type agnostic APIs to test for
validity.
* ioselectors_epoll: mark all fd created close-on-exec
File descriptors from ioselectors should no longer leak on Linux.
* tfdleak: don't check for selector leakage on Windows
The getFd proc for ioselectors_select returns a hardcoded -1.
* io: add NoInheritFlag at compile time
* io: add support for ioctl-based close-on-exec
This allows for the flag to be set/unset in one syscall. While the
performance gains might be negligible, we have one less failure point
to deal with.
* tfdleak: add a test for setInheritable
* stdlib: add nimInheritHandles to restore old behaviors
* memfiles: make file handle not inheritable by default for posix
* io: setInheritable now operates on OS file handle
On Windows, the native handle is the only thing that's inheritable, thus
we can assume that users of this function will already have the handle
available to them. This also allows users to pass down file descriptors
from memfiles on Windows with ease, should that be desired.
With this, nativesockets.setInheritable can be made much simpler.
* changelog: clarify
* nativesockets: document setInheritable return value
* posix_utils: atomically disable fd inheritance for mkstemp
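An added C example (not part of these commits or of the Nim standard library) of the POSIX mechanisms the commit messages above name: `O_CLOEXEC` at creation time, `F_DUPFD_CLOEXEC`, and an ioctl-based toggle. The helper names are hypothetical, and `FIOCLEX`/`FIONCLEX` are assumed to be the requests meant by "ioctl-based close-on-exec".

```c
/* Added example: close-on-exec handling on POSIX; helper names are hypothetical. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* 1 if fd would survive exec() into a child, 0 if close-on-exec, -1 on error. */
int is_inheritable(int fd) {
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : !(flags & FD_CLOEXEC);
}

/* Toggle inheritance on an existing descriptor; returns 0 on success. */
int set_inheritable(int fd, int inheritable) {
#ifdef FIOCLEX
    return ioctl(fd, inheritable ? FIONCLEX : FIOCLEX); /* one syscall */
#else
    int flags = fcntl(fd, F_GETFD);                     /* read-modify-write */
    if (flags < 0) return -1;
    flags = inheritable ? (flags & ~FD_CLOEXEC) : (flags | FD_CLOEXEC);
    return fcntl(fd, F_SETFD, flags);
#endif
}

/* Atomic: open() itself sets the flag, so the fd is never inheritable. */
int open_private(const char *path) {
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Two steps: a fork()+exec() in another thread between the two calls
   still hands the descriptor to the child. */
int open_then_mark(const char *path) {
    int fd = open(path, O_RDONLY);
    if (fd >= 0 && set_inheritable(fd, 0) < 0) { close(fd); return -1; }
    return fd;
}

/* dup() clears FD_CLOEXEC on the copy; F_DUPFD_CLOEXEC keeps the copy private. */
int dup_private(int fd) {
    return fcntl(fd, F_DUPFD_CLOEXEC, 0);
}

int main(void) {
    int fd = open_private("/dev/null"), copy = dup(fd), safe = dup_private(fd);
    printf("O_CLOEXEC=%d dup=%d F_DUPFD_CLOEXEC=%d\n",
           is_inheritable(fd), is_inheritable(copy), is_inheritable(safe));
    return 0;
}
```

A plain `dup()` of a close-on-exec descriptor yields an inheritable copy, so any code path that duplicates descriptors needs the same treatment as the code that opens them.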