[Xcb] [PATCH] Open the X11 socket with close-on-exec flag

Matthias Hopf mhopf at suse.de
Tue Feb 16 03:29:50 PST 2010


On Feb 15, 10 16:16:28 -0800, Barton C Massey wrote:
> > It's a modularity issue. One component opened the X connection;
> > another called fork(), usually promptly followed by exec(). Then the
> > child has lost any record that it's sharing an FD with the parent,
> > unless it goes probing the kernel's FD table.
> 
> That's what I thought.
> 
> IMHO this is an application problem, not specific or
> interesting to XCB, and we shouldn't make it our problem.
> Just saying.

If the child that is called is untrusted, the parent would have to make
sure that no FDs are leaked. If the parent is multithreaded and using
xcb, it should be clear to the parent that creating a new X connection
could be racy in this aspect, and creating the X connection should only
be done when all other threads are waiting on some mutex.

IMHO this is not a security issue. It would be a nice-to-have security
enhancement, but as this cannot be done architecture-agnostic, I don't
think it is worth the hassle.

Another two cents

Matthias

-- 
Matthias Hopf <mhopf at suse.de>      __        __   __
Maxfeldstr. 5 / 90409 Nuernberg   (_   | |  (_   |__          mat at mshopf.de
Phone +49-911-74053-715           __)  |_|  __)  |__  R & D   www.mshopf.de
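
Added example, not part of the message above or of the XCB patch under discussion: a C sketch of the race the thread describes, with the atomic SOCK_CLOEXEC form beside the portable two-step fcntl() form. The helper names are hypothetical, and the fallback on EINVAL assumes a platform where the flag may be defined in the headers but rejected at run time.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if fd is closed on exec(), 0 if it would be
 * inherited by the exec'd program, -1 if fd is not a valid descriptor. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Two-step form: works everywhere, but if another thread calls fork()
 * and exec() between socket() and fcntl(F_SETFD), the child still
 * inherits the descriptor. This is the window discussed in the thread. */
int open_socket_cloexec_fallback(int domain, int type)
{
    int fd = socket(domain, type, 0);
    if (fd < 0)
        return -1;
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Atomic form where SOCK_CLOEXEC exists: the flag is set by the same
 * system call that creates the descriptor, so there is no window. */
int open_socket_cloexec(int domain, int type)
{
#ifdef SOCK_CLOEXEC
    int fd = socket(domain, type | SOCK_CLOEXEC, 0);
    if (fd >= 0 || errno != EINVAL)
        return fd;
    /* EINVAL: flag not supported at run time, use the two-step form. */
#endif
    return open_socket_cloexec_fallback(domain, type);
}
```

A parent that must hand nothing to an untrusted child can call fd_is_cloexec() on each open descriptor before exec() to find the ones that would leak.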

