Coding Guidelines/Safely Executing Other Processes: Difference between revisions

From wiki.zmanda.com
Latest revision as of 19:43, 7 May 2009

safe_cd

in common-src/file.c

Change the current working directory to a "safe" location. This is necessary for a variety of reasons:

  • Core files will be created in the working directory, so it should be writeable by the current user.
  • The current directory of a process represents an open file on that filesystem, preventing it from being unmounted. Best practices dictate that long-lived processes should cd to / or a well-known location.

safe_env

in common-src/alloc.c

Strip any unknown symbols from the environment. This protects the programs Amanda invokes from stray environment variables that might influence their operation.

safe_fd

in common-src/file.c

This function closes all descriptors except stdin, stdout, and stderr, and makes sure those three are open. Use this function when spawning a new process to ensure it isn't exec'd with any stray descriptors open (an inherited descriptor leaks whatever file, socket, or pipe it refers to into the child).

WARNING: fork and threads

fork() is not very compatible with threads - see pthread_atfork. Only the forking thread exists in the child, so any lock another thread held at the moment of fork() stays held forever in the child. When forking a new process, the child's execution between fork() and exec*() must be very, very limited. In particular, do not call debug functions (g_debug, g_error, or error) or do anything else that may try to acquire a lock.
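The following is an added example, not Amanda's own code: a C spawn helper that applies the three guidelines above (an allowlisted environment, / as the working directory, a cleaned descriptor table) and keeps the code between fork() and execve() to async-signal-safe calls only. The allowlist contents, the function names, and the 64-entry environment cap are assumptions made for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
extern char **environ;
/* Constructed allowlist: the only variable names a child is allowed to inherit. */
static const char *const SAFE_ENV_NAMES[] = { "PATH", "HOME", "LANG", "TZ", NULL };
/* Copy into dst only the "NAME=value" entries of src whose NAME is allowlisted; returns count kept. */
size_t build_safe_env(char *const src[], char **dst, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; src[i] != NULL && n + 1 < cap; i++) {   /* keep room for the NULL */
        const char *eq = strchr(src[i], '=');
        size_t klen = eq ? (size_t)(eq - src[i]) : strlen(src[i]);
        for (size_t j = 0; SAFE_ENV_NAMES[j] != NULL; j++)
            if (strlen(SAFE_ENV_NAMES[j]) == klen && strncmp(src[i], SAFE_ENV_NAMES[j], klen) == 0) {
                dst[n++] = src[i]; break;
            }
    }
    dst[n] = NULL;
    return n;
}
/* Ensure 0, 1, 2 are open (on /dev/null if not), then close every descriptor above them.
 * Only async-signal-safe calls are used, so this is usable between fork() and exec(). */
static void close_stray_fds(long max_fd)
{
    for (int fd = 0; fd < 3; fd++)
        if (fcntl(fd, F_GETFD) == -1 && errno == EBADF) {
            int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
            if (nfd >= 0 && nfd != fd) { dup2(nfd, fd); close(nfd); }
        }
    for (long fd = 3; fd < max_fd; fd++) close((int)fd);
}
/* fork()/execve() path with a safe cwd, environment and descriptor table.
 * Returns the child's exit status, -1 if fork/wait fails; a failed exec exits 127. */
int spawn_safely(const char *path, char *const argv[])
{
    char *safe_env[64];
    build_safe_env(environ, safe_env, 64);  /* all real work is done before fork() */
    long max_fd = sysconf(_SC_OPEN_MAX) > 0 ? sysconf(_SC_OPEN_MAX) : 1024;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {  /* child: no logging, no malloc, nothing that could take a lock */
        if (chdir("/") != 0) _exit(127);
        close_stray_fds(max_fd);
        execve(path, argv, safe_env);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```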