mirror of
https://github.com/nim-lang/Nim.git
synced 2026-01-05 20:47:53 +00:00
1bdc30bdb1
* io: make file descriptors non-inheritable by default This prevents file descriptors/handles leakage to child processes that might cause issues like running out of file descriptors, or potential security issues like leaking a file descriptor to a restricted file. While this breaks backward compatibility, I'm rather certain that not many programs (if any) actually make use of this implementation detail. A new API `setInheritable` is provided for the few that actually want to use this functionality. * io: disable inheritance at file creation time for supported platforms Some platforms provide extension to fopen-family of functions to allow for disabling descriptor inheritance atomically during File creation. This guards against possible leaks when a child process is spawned before we managed to disable the file descriptor inheritance (ie. in a multi-threaded program). * net, nativesockets: make sockets non inheritable by default With this commit, sockets will no longer leak to child processes when you don't want it to. Should solves a lot of "address in use" that might occur when your server has just restarted. All APIs that create sockets in these modules now expose a `inheritable` flag that allow users to toggle inheritance for the resulting sockets. An implementation of `setInheritance()` is also provided for SocketHandle. While atomically disabling inheritance at creation time is supported on Windows, it's only implemented by native winsock2, which is too much for now. This support can be implemented in a future patch. * posix: add F_DUPFD_CLOEXEC This command duplicates file descriptor with close-on-exec flag set. Defined in POSIX.1-2008. * ioselectors_kqueue: don't leak file descriptors File descriptors internally used by ioselectors on BSD/OSX are now shielded from leakage. * posix: add O_CLOEXEC This flag allows file descriptors to be open() with close-on-exec flag set atomically. This flag is specified in POSIX.1-2008 * tfdleak: test for selectors leakage Also simplified the test by using handle-type agnostic APIs to test for validity. * ioselectors_epoll: mark all fd created close-on-exec File descriptors from ioselectors should no longer leaks on Linux. * tfdleak: don't check for selector leakage on Windows The getFd proc for ioselectors_select returns a hardcoded -1 * io: add NoInheritFlag at compile time * io: add support for ioctl-based close-on-exec This allows for the flag to be set/unset in one syscall. While the performance gains might be negliable, we have one less failure point to deal with. * tfdleak: add a test for setInheritable * stdlib: add nimInheritHandles to restore old behaviors * memfiles: make file handle not inheritable by default for posix * io: setInheritable now operates on OS file handle On Windows, the native handle is the only thing that's inheritable, thus we can assume that users of this function will already have the handle available to them. This also allows users to pass down file descriptors from memfiles on Windows with ease, should that be desired. With this, nativesockets.setInheritable can be made much simpler. * changelog: clarify * nativesockets: document setInheritable return value * posix_utils: atomically disable fd inheritance for mkstemp
103 lines
3.3 KiB
Nim
103 lines
3.3 KiB
Nim
#
|
|
# Nim's Runtime Library
|
|
# (c) Copyright 2019 Federico Ceratto and other Nim contributors
|
|
#
|
|
# See the file "copying.txt", included in this
|
|
# distribution, for details about the copyright.
|
|
#
|
|
|
|
## A set of helpers for the POSIX module.
|
|
## Raw interfaces are in the other posix*.nim files.
|
|
|
|
# Where possible, contribute OS-independent procs in `os <os.html>`_ instead.
|
|
|
|
import posix
|
|
|
|
type Uname* = object
|
|
sysname*, nodename*, release*, version*, machine*: string
|
|
|
|
template charArrayToString(input: typed): string =
|
|
$cstring(addr input)
|
|
|
|
proc uname*(): Uname =
|
|
## Provides system information in a `Uname` struct with sysname, nodename,
|
|
## release, version and machine attributes.
|
|
|
|
when defined(posix):
|
|
runnableExamples:
|
|
echo uname().nodename, uname().release, uname().version
|
|
doAssert uname().sysname.len != 0
|
|
|
|
var u: Utsname
|
|
if uname(u) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
result.sysname = charArrayToString u.sysname
|
|
result.nodename = charArrayToString u.nodename
|
|
result.release = charArrayToString u.release
|
|
result.version = charArrayToString u.version
|
|
result.machine = charArrayToString u.machine
|
|
|
|
proc fsync*(fd: int) =
|
|
## synchronize a file's buffer cache to the storage device
|
|
if fsync(fd.cint) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc stat*(path: string): Stat =
|
|
## Returns file status in a `Stat` structure
|
|
if stat(path.cstring, result) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc memoryLock*(a1: pointer, a2: int) =
|
|
## Locks pages starting from a1 for a1 bytes and prevent them from being swapped.
|
|
if mlock(a1, a2) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc memoryLockAll*(flags: int) =
|
|
## Locks all memory for the running process to prevent swapping.
|
|
##
|
|
## example::
|
|
##
|
|
## memoryLockAll(MCL_CURRENT or MCL_FUTURE)
|
|
if mlockall(flags.cint) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc memoryUnlock*(a1: pointer, a2: int) =
|
|
## Unlock pages starting from a1 for a1 bytes and allow them to be swapped.
|
|
if munlock(a1, a2) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc memoryUnlockAll*() =
|
|
## Unlocks all memory for the running process to allow swapping.
|
|
if munlockall() != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc sendSignal*(pid: Pid, signal: int) =
|
|
## Sends a signal to a running process by calling `kill`.
|
|
## Raise exception in case of failure e.g. process not running.
|
|
if kill(pid, signal.cint) != 0:
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc mkstemp*(prefix: string): (string, File) =
|
|
## Creates a unique temporary file from a prefix string. Adds a six chars suffix.
|
|
## The file is created with perms 0600.
|
|
## Returns the filename and a file opened in r/w mode.
|
|
var tmpl = cstring(prefix & "XXXXXX")
|
|
let fd =
|
|
when declared(mkostemp):
|
|
mkostemp(tmpl, O_CLOEXEC)
|
|
else:
|
|
mkstemp(tmpl)
|
|
var f: File
|
|
if open(f, fd, fmReadWrite):
|
|
return ($tmpl, f)
|
|
raise newException(OSError, $strerror(errno))
|
|
|
|
proc mkdtemp*(prefix: string): string =
|
|
## Creates a unique temporary directory from a prefix string. Adds a six chars suffix.
|
|
## The directory is created with permissions 0700. Returns the directory name.
|
|
var tmpl = cstring(prefix & "XXXXXX")
|
|
if mkdtemp(tmpl) == nil:
|
|
raise newException(OSError, $strerror(errno))
|
|
return $tmpl
|