onion
Not cross-compatible test case: 01-internal/12-cloexec (t01_get)
In: https://github.com/davidmoreno/onion/blob/master/tests/01-internal/12-cloexec.c#L139
We are checking the directory /proc/self/fd, which is Linux-based; actually it is a symlink of /dev/fd, which is Unix-based, and thus on Darwin and Unix-based operating systems /proc/self/fd is found missing.
Similarly, there are several such lines in the test case where the /proc/ folder is referred to, which results in a failing test case.
I tried changing the directory to /dev/fd and then removing the readlink line and the if/else, but could not go further, as on Darwin ls --color doesn't work and things are not like /dev/getpid()/fd/<file_descriptor>.
Not sure of this but a more cross compatible solution can be to use lsof, extracting information and doing the same things that were being done in the test case (lsof -p 41463 -d "^txt" -d "^cwd" -a).
I think it's a good idea.
Another related option is just to use an external helper shell script that returns 0 if ok, or 1 if not ok. This script can even check the running environment, and do a different type of check. This way we can sidestep the parsing of lsof from C, which may even have a different format in different OSs.
Regards, David.
2016-08-19 6:15 GMT+02:00 Anurag Agarwal [email protected]:
> Not sure of this but a more cross compatible solution can be to use lsof, extracting information and doing the same things that were being done in the test case (lsof -p 41463 -d "^txt" -d "^cwd" -a).
David Moreno Montero
[email protected] +34 658 18 77 17 http://www.coralbits.com/
That would be great @davidmoreno, but I am still confused about what exactly we are checking in the test case; once clear with the idea, I think I will be able to implement the shell script too.
When onion executes a new process (an exec(3)) it should not leak the file descriptors of any connection, nor the listen fd. If it does, there is a risk that this new executable hijacks the connection. It's basically a file descriptor leak check.
For fds that the user may open in its handlers, it is the user's responsibility to add the O_CLOEXEC flag to those files.
So finally the check is that there are no extra fds open beyond the 3 standard ones (stdin, stdout, stderr). The C code also considers the very same fd that is used to list the directory from opendir.
Looking at the lsof output on Linux, it can be just a grep for no open TCP connections nor listen.
COMMAND   PID    USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
[...]
hello   17430 dmoreno  7u  IPv4  84666      0t0  TCP *:webcache (LISTEN)
hello   17430 dmoreno  8u  IPv4  90136      0t0  TCP localhost:webcache->localhost:42056 (ESTABLISHED)
[...]
Those lines should not be inherited.
David.
2016-08-21 12:41 GMT+02:00 Anurag Agarwal [email protected]:
> That would be great @davidmoreno but I am still confused of what exactly we are checking in the test case, once clear with the idea I think I will be able to implement the shell script too.
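An added example, not part of the original thread or of the onion test suite: a C version of the descriptor-leak check described above that uses only fcntl(), so it needs neither /proc/self/fd, /dev/fd nor lsof. This is a different technique from the ones proposed in the thread; the names count_inheritable_fds, set_cloexec and FD_SCAN_CAP are assumptions made for this example, and a pipe stands in for the connection and listen fds.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

#define FD_SCAN_CAP 65536 /* assumption: fds at or above this are not scanned */

/* Count open fds above stderr that lack FD_CLOEXEC, i.e. the ones a
 * program started with exec() would inherit. */
int count_inheritable_fds(int verbose)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > FD_SCAN_CAP)
        max = FD_SCAN_CAP; /* keep the scan bounded on huge limits */

    int leaked = 0;
    for (int fd = STDERR_FILENO + 1; fd < max; fd++) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1)
            continue; /* EBADF: this fd number is not open */
        if (!(flags & FD_CLOEXEC)) {
            leaked++;
            if (verbose)
                fprintf(stderr, "fd %d would be inherited across exec\n", fd);
        }
    }
    return leaked;
}

/* Mark an already-open fd close-on-exec, keeping its other fd flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

int main(void)
{
    int p[2];
    int baseline = count_inheritable_fds(0); /* fds inherited from the parent */
    if (pipe(p) != 0) /* constructed stand-in for connection fds */
        return 1;
    printf("after pipe(): %d leaked\n", count_inheritable_fds(1) - baseline);
    set_cloexec(p[0]);
    set_cloexec(p[1]);
    printf("after FD_CLOEXEC: %d leaked\n", count_inheritable_fds(1) - baseline);
    return 0;
}
```

Comparing against a baseline taken at start-up keeps the check independent of whatever descriptors the test runner itself passed down.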