[Enigmail] xulrunner-ipc leaves file descriptors open in child process?

[Patrick Brunschwig]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel Kahn Gillmor wrote:
> Hi folks--
> 
> I've made significant progress in getting xulrunner-ipc to build cleanly
> with a relatively simple makefile, to the point where i've event gotten
> firegpg 0.7.5 working on GNU/linux on the powerpc(!)  I hope to publish
> a bit of my revised build process soon, as i'd like it to be useful to
> people other than myself.
> 
> I've been exploring its behavior, though, and i'm finding that the
> spawned child process appears to retain a copy of all of the file
> descriptors of the parent process.  Is this intentional?
> 
> Here's an example that i caught during a long-running child process
> (this is firegpg creating a key):
> 
>> dkg at clam:~$ lsof -p 4333
[...]
> 
> It seems like most of the open file descriptors are *not* file
> descriptors that GnuPG would have opened on its own.  So i can only
> assume that the file descriptors are inherited from the parent process.
> 
> This seems potentially sloppy -- what if there were three network
> connections opened by the parent, and the child process was to start
> manipulating them?  What about writing to the cache or adjusting the
> already-open files somehow?  Wouldn't it make more sense to close all
> file descriptors except the pipes before execing the child process?
> 
> Or is there some reason that the child process in xulrunner-ipc should
> really have access to all of the parent's file descriptors?

The problem is that IPC relies on standard Mozilla platform
functionality for executing files. Unfortunately the platform always
passes all file descriptors to the child process and doesn't allow to
specify different behavior. I was already trying to implement
workarounds for it, but I haven't found anything apart from either
fixing Mozilla or re-implementing the complete functionality to execute
files within IPC. Unfortunately I'm not good enough at these low-level
operations, especially as you have to do it differently for Windows,
Unix, and other OSes.

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBScdPI3cOpHodsOiwAQjRRQf9HxVY85tyuD4vP8MtW+C6ADKyWJuddzDs
w29ZWqvrEErB1PoZupRwp6bfBbqw6nLovRmsnLjtCgNNHbqRAkLHx8NtlzEYOM6O
BSQtwV9b2NVHX0y0dgmtzJHMpiXXnl+Uy8NBe2sbQ/NkaD1LGwl0HTtEYO/1di4u
s3XlqxAbOozDZjcx0TMvY35pjJQ0dCL+esAhRtI/Q1zKkieKPB7WZ9j6YF8K9tQv
0KfaR6HWn1C1mm8opIyj1CdBXEcYYrO34Z5palvUG/4EpAc3TS31tCegr/xF6zYi
kn2CCi/mTj4rWuTNkUYW5IXPy60lTtMt4KN52jOtzgqeFFq827jSnA==
=MZU3
-----END PGP SIGNATURE-----