public inbox for cygwin@cygwin.com
From: gs-cygwin.com@gluelogic.com
To: cygwin@cygwin.com
Cc: Bruno Haible <bruno@clisp.org>
Subject: Re: posix_spawn facility
Date: Wed, 10 May 2023 05:15:25 -0400
Message-ID: <ZFtgrQbrsnJHSK3q@xps13>
In-Reply-To: <ZEGZx2eZaw1OyXkt@xps13>

On Thu, Apr 20, 2023 at 04:00:15PM -0400, gs-cygwin.com@gluelogic.com wrote:
> On Thu, Apr 20, 2023 at 09:31:38PM +0200, Bruno Haible wrote:
> > Glenn wrote:
> > > > > https://learn.microsoft.com/en-us/windows/win32/api/winbase/ns-winbase-startupinfoexa
> > > > > 
> > > > > and the PROC_THREAD_ATTRIBUTE_HANDLE_LIST argument described in
> > > > > 
> > > > > https://learn.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-updateprocthreadattribute
> > > > ...
> > > Excellent (very technical) article on the subject:
> > > 
> > > Programmatically controlling which handles are inherited by new processes in Win32
> > > https://devblogs.microsoft.com/oldnewthing/20111216-00/?p=8873
> > 
> > It's nice to see an example for PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
> > 
> > But the article exaggerates a problem:
> >   "But all this inheritability fiddling still had a fatal flaw: What
> >    if two threads within the same process both call CreateProcess but
> >    disagree on which handles they want to be inherited?"
> > The answer, overlooked in the article, is to use DuplicateHandle
> > and set the inheritability of the duplicate to true. Concurrently
> > running posix_spawn invocations in other threads will not see the
> > duplicates, since they only see HANDLEs that are assigned to file
> > descriptors, not HANDLEs that merely reside in some data structure
> > in memory.
> 
> It might not be an issue if everything -- and I mean everything -- goes
> through posix_spawn() to create processes.
> 
> The article is from 2011 and about Windows.  If a third-party dll
> running in another thread calls CreateProcess() and does not explicitly
> restrict the inherited handles using the techniques in the article, then
> there is still that race that might leak additional handles into the
> other process.
> 
> In the case of cygwin, the cygwin layer could/should be able to
> centralize and control process creation, avoiding the race.
> Even if there were any steps that need to be protected, wrapping
> in a CriticalSection (or mutex) would probably be sufficient.
> 
> Cheers, Glenn

lighttpd 1.4.70 includes support for native _WIN32 (separate build
from cygwin) and includes a working (but slow) _WIN32 socketpair() as
well as fully-functional code using CreateProcess() with the above
techniques to limit filehandles inherited by CGI processes to only the
stdhandles for stdin, stdout, and stderr.

lighttpd 1.4.70 uses sockets (via socketpair()) instead of pipes for
CGI on Windows since select() and WSAPoll() work only on sockets.


Corinna:
With the somewhat recent update to minimum Windows version supported by
cygwin, I believe that using PROC_THREAD_ATTRIBUTE_HANDLE_LIST should be
available on all cygwin-supported versions of Windows.

Cheers, Glenn

P.S. if any Windows developers look at the (BSD-3-Clause) lighttpd code
and notice that I am doing something wrong or suboptimal on _WIN32,
please do let me know how it can be improved.  Thanks!
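
Added example (not part of the original message and not lighttpd's code): a C wrapper that uses STARTUPINFOEX with PROC_THREAD_ATTRIBUTE_HANDLE_LIST so that a child started with CreateProcess() inherits only its three std handles. The names spawn_std_only and uniq_handles are hypothetical, and the caller is assumed to pass handles that are already inheritable.

```c
#include <stddef.h>
/* Keep each usable handle once: drop NULL, INVALID_HANDLE_VALUE (-1) and
   repeats. Plain void* so this helper also builds off Windows. */
size_t uniq_handles(void *const *in, size_t n, void **out)
{
    size_t k = 0;
    for (size_t i = 0; i < n; i++) {
        size_t j = 0;
        if (in[i] == NULL || in[i] == (void *)(ptrdiff_t)-1) continue;
        while (j < k && out[j] != in[i]) j++;
        if (j == k) out[k++] = in[i];
    }
    return k;
}

#ifdef _WIN32
#include <windows.h>
/* Hypothetical wrapper: of all inheritable handles in this process, only the
   three std handles reach the child. They must already be inheritable. */
BOOL spawn_std_only(char *cmdline, HANDLE in, HANDLE out, HANDLE err,
                    PROCESS_INFORMATION *pi)
{
    HANDLE want[3] = { in, out, err }, list[3];
    size_t n = uniq_handles(want, 3, list);
    SIZE_T sz = 0;
    BOOL ok = FALSE;
    STARTUPINFOEXA si;

    ZeroMemory(&si, sizeof si);
    si.StartupInfo.cb = sizeof si;              /* size of the EX structure */
    si.StartupInfo.dwFlags = STARTF_USESTDHANDLES;
    si.StartupInfo.hStdInput = in;
    si.StartupInfo.hStdOutput = out;
    si.StartupInfo.hStdError = err;
    InitializeProcThreadAttributeList(NULL, 1, 0, &sz);   /* size query */
    si.lpAttributeList = HeapAlloc(GetProcessHeap(), 0, sz);
    if (n && si.lpAttributeList
        && InitializeProcThreadAttributeList(si.lpAttributeList, 1, 0, &sz)) {
        ok = UpdateProcThreadAttribute(si.lpAttributeList, 0,
                 PROC_THREAD_ATTRIBUTE_HANDLE_LIST, list, n * sizeof(HANDLE), NULL, NULL)
          && CreateProcessA(NULL, cmdline, NULL, NULL, TRUE /* bInheritHandles */,
                 EXTENDED_STARTUPINFO_PRESENT, NULL, NULL, &si.StartupInfo, pi);
        DeleteProcThreadAttributeList(si.lpAttributeList);
    }
    if (si.lpAttributeList) HeapFree(GetProcessHeap(), 0, si.lpAttributeList);
    return ok;
}
#endif
```

As the quoted discussion notes, a CreateProcess() call elsewhere in the process that does not restrict its own handle list can still inherit these inheritable handles, so process creation should be centralized or serialized.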
