--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !unix
+
+package runtime
+
+func checkfds() {
+ // Nothing to do on non-Unix platforms.
+}
--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix
+
+package runtime_test
+
+import (
+ "internal/testenv"
+ "os"
+ "strings"
+ "testing"
+)
+
+func TestCheckFDs(t *testing.T) {
+ if *flagQuick {
+ t.Skip("-quick")
+ }
+
+ testenv.MustHaveGoBuild(t)
+
+ fdsBin, err := buildTestProg(t, "testfds")
+ if err != nil {
+ t.Fatal(err)
+ }
+
+ i, err := os.CreateTemp(t.TempDir(), "fds-input")
+ if err != nil {
+ t.Fatal(err)
+ }
+ if _, err := i.Write([]byte("stdin")); err != nil {
+ t.Fatal(err)
+ }
+ if err := i.Close(); err != nil {
+ t.Fatal(err)
+ }
+
+ o, err := os.CreateTemp(t.TempDir(), "fds-output")
+ if err != nil {
+ t.Fatal(err)
+ }
+ outputPath := o.Name()
+ if err := o.Close(); err != nil {
+ t.Fatal(err)
+ }
+
+ env := []string{"TEST_OUTPUT=" + outputPath}
+ for _, e := range os.Environ() {
+ if strings.HasPrefix(e, "GODEBUG=") || strings.HasPrefix(e, "GOTRACEBACK=") {
+ continue
+ }
+ env = append(env, e)
+ }
+
+ proc, err := os.StartProcess(fdsBin, []string{fdsBin}, &os.ProcAttr{
+ Env: env,
+ Files: []*os.File{},
+ })
+ if err != nil {
+ t.Fatal(err)
+ }
+ ps, err := proc.Wait()
+ if err != nil {
+ t.Fatal(err)
+ }
+ if ps.ExitCode() != 0 {
+ t.Fatalf("testfds failed: %d", ps.ExitCode())
+ }
+
+ fc, err := os.ReadFile(outputPath)
+ if err != nil {
+ t.Fatal(err)
+ }
+ if string(fc) != "" {
+ t.Errorf("unexpected file content, got: %q", string(fc))
+ }
+}
--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build unix
+
+package runtime
+
+func checkfds() {
+ if islibrary || isarchive {
+ // If the program is actually a library, presumably being consumed by
+ // another program, we don't want to mess around with the file
+ // descriptors.
+ return
+ }
+
+ const (
+ // F_GETFD, EBADF, O_RDWR are standard across all unixes we support, so
+ // we define them here rather than in each of the OS specific files.
+ F_GETFD = 0x01
+ EBADF = 0x09
+ O_RDWR = 0x02
+ )
+
+ devNull := []byte("/dev/null\x00")
+ for i := 0; i < 3; i++ {
+ ret, errno := fcntl(int32(i), F_GETFD, 0)
+ if ret >= 0 {
+ continue
+ }
+ if errno != EBADF {
+ print("runtime: unexpected error while checking standard file descriptor ", i, ", errno=", errno, "\n")
+ throw("cannot open standard fds")
+ }
+
+ if ret := open(&devNull[0], O_RDWR, 0); ret < 0 {
+ print("runtime: standard file descriptor ", i, " closed, unable to open /dev/null, errno=", errno, "\n")
+ throw("cannot open standard fds")
+ } else if ret != int32(i) {
+ print("runtime: opened unexpected file descriptor ", ret, " when attempting to open ", i, "\n")
+ throw("cannot open standard fds")
+ }
+ }
+}
goargs()
goenvs()
secure()
+ checkfds()
parsedebugvars()
gcinit()
return
}
- // When secure mode is enabled, we do two things:
- // 1. ensure the file descriptors 0, 1, and 2 are open, and if not open them,
- // pointing at /dev/null (or fail)
- // 2. enforce specific environment variable values (currently we only force
- // GOTRACEBACK=none)
+ // When secure mode is enabled, we do one thing: enforce specific
+ // environment variable values (currently we only force GOTRACEBACK=none)
//
// Other packages may also disable specific functionality when secure mode
// is enabled (determined by using linkname to call isSecureMode).
- //
- // NOTE: we may eventually want to enforce (1) regardless of whether secure
- // mode is enabled or not.
- secureFDs()
secureEnv()
}
envs = append(envs, "GOTRACEBACK=none")
}
}
-
-func secureFDs() {
- const (
- // F_GETFD and EBADF are standard across all unixes, define
- // them here rather than in each of the OS specific files
- F_GETFD = 0x01
- EBADF = 0x09
- )
-
- devNull := []byte("/dev/null\x00")
- for i := 0; i < 3; i++ {
- ret, errno := fcntl(int32(i), F_GETFD, 0)
- if ret >= 0 {
- continue
- }
- if errno != EBADF {
- print("runtime: unexpected error while checking standard file descriptor ", i, ", errno=", errno, "\n")
- throw("cannot secure fds")
- }
-
- if ret := open(&devNull[0], 2 /* O_RDWR */, 0); ret < 0 {
- print("runtime: standard file descriptor ", i, " closed, unable to open /dev/null, errno=", errno, "\n")
- throw("cannot secure fds")
- } else if ret != int32(i) {
- print("runtime: opened unexpected file descriptor ", ret, " when attempting to open ", i, "\n")
- throw("cannot secure fds")
- }
- }
-}
--- /dev/null
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+ "fmt"
+ "io"
+ "log"
+ "os"
+)
+
+func main() {
+ f, err := os.OpenFile(os.Getenv("TEST_OUTPUT"), os.O_CREATE|os.O_RDWR, 0600)
+ if err != nil {
+ log.Fatalf("os.Open failed: %s", err)
+ }
+ defer f.Close()
+ b, err := io.ReadAll(os.Stdin)
+ if err != nil {
+ log.Fatalf("io.ReadAll(os.Stdin) failed: %s", err)
+ }
+ if len(b) != 0 {
+ log.Fatalf("io.ReadAll(os.Stdin) returned non-nil: %x", b)
+ }
+ fmt.Fprintf(os.Stdout, "stdout\n")
+ fmt.Fprintf(os.Stderr, "stderr\n")
+}