From 2f4772d2d2fd09d7dca42d462e57bbaa0d277bd6 Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Sun, 20 Apr 2014 07:59:39 +0200 Subject: [PATCH] fcntl.2: Note the race when O_CLOEXEC is used at same time as fork()+execve() Signed-off-by: Michael Kerrisk --- man2/fcntl.2 | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/man2/fcntl.2 b/man2/fcntl.2 index d0154a6d9..fc1d3b31b 100644 --- a/man2/fcntl.2 +++ b/man2/fcntl.2 @@ -58,7 +58,7 @@ .\" 2010-06-17, Michael Kerrisk .\" Document F_SETPIPE_SZ and F_GETPIPE_SZ. .\" -.TH FCNTL 2 2014-02-20 "Linux" "Linux Programmer's Manual" +.TH FCNTL 2 2014-04-20 "Linux" "Linux Programmer's Manual" .SH NAME fcntl \- manipulate file descriptor .SH SYNOPSIS @@ -142,6 +142,21 @@ is ignored. .BR F_SETFD " (\fIint\fP)" Set the file descriptor flags to the value specified by .IR arg . +.PP +In multithreaded programs, using +.BR fcntl () +.B F_SETFD +to set the close-on-exec flag at the same time as another thread performs a +.BR fork (2) +plus +.BR execve (2) +is vulnerable to a race condition that may unintentionally leak +the file descriptor to the program executed in the child process. +See the discussion of the +.BR O_CLOEXEC +flag in +.BR open (2) +for details and a remedy to the problem. .SS File status flags Each open file description has certain associated status flags, initialized by
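Review bot: In the second hunk, ".BR O_CLOEXEC" passes a single argument to the alternating bold/roman macro, so there is nothing to alternate with; ".B O_CLOEXEC" would be consistent with the ".B F_SETFD" line earlier in the same added paragraph. Separately, the subject line says the race occurs "when O_CLOEXEC is used", but the added text describes the race for fcntl() F_SETFD and points to O_CLOEXEC in open(2) as the remedy, so the subject would read more accurately if it named F_SETFD (or the close-on-exec flag) as the racy operation.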