by int_19h 538 days ago
But in POSIX, they are not, so any module implemented in C is still potentially problematic.
2 comments
teddyh 538 days ago
Only if that C-implemented module uses raw C to create file descriptors. And if the module has not gotten an update in the past ten years to fix the problem.
jcalvinowens 537 days ago
This can help: https://man7.org/linux/man-pages/man2/close_range.2.html

    close_range(3, ~0U, CLOSE_RANGE_UNSHARE); execve(....);

...but it's not very portable yet.
oseityphelysiol 537 days ago
I’ve never heard of it before. I work in an embedded environment where the kernel version is known beforehand, so portability won’t be an issue. Thanks.
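The `close_range(3, ~0U, CLOSE_RANGE_UNSHARE)` call from the thread, shown in context as an added example that is not code from any commenter: a child process counts how many descriptors it inherited from a pipe created without `O_CLOEXEC`, with and without the cleanup it would run before `execve()`. The names `close_from` and `leaked_in_child`, the loop fallback for kernels without `close_range(2)`, and the fallback's 65536 cap are assumptions of this example; it is Linux-specific and assumes descriptors 0 to 2 are open.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef CLOSE_RANGE_UNSHARE
#define CLOSE_RANGE_UNSHARE (1U << 1) /* same value as <linux/close_range.h> */
#endif

/* Close every descriptor >= lowfd. Returns 1 if close_range(2) did the work,
 * 0 if the loop fallback ran (old kernel, or the syscall is filtered). */
int close_from(unsigned lowfd)
{
#ifdef SYS_close_range
    if (syscall(SYS_close_range, lowfd, ~0U, CLOSE_RANGE_UNSHARE) == 0)
        return 1;
#endif
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536)
        max = 65536; /* fallback limitation: descriptors above this are missed */
    for (long fd = lowfd; fd < max; fd++)
        close((int)fd);
    return 0;
}

/* Create a pipe without O_CLOEXEC (as a careless C module might), fork, and
 * return how many of its two ends the child still holds where it would call
 * execve(). Returns -1 on setup failure. */
int leaked_in_child(int cleanup)
{
    int p[2], status;
    if (pipe(p) != 0)
        return -1;
    pid_t pid = fork();
    if (pid == 0) {
        if (cleanup)
            close_from(3); /* keep stdin/stdout/stderr only */
        _exit((fcntl(p[0], F_GETFD) != -1) + (fcntl(p[1], F_GETFD) != -1));
    }
    close(p[0]); close(p[1]);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("no cleanup: %d, close_from(3): %d\n", leaked_in_child(0), leaked_in_child(1));
    return 0;
}
```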