Closing files after fork

Hal Murray halmurray at
Wed Aug 25 10:24:11 UTC 2021

Matt Selsky said:
> I think we close all FDs in order to reduce the number of FDs open with our
> old security context. Eg, if we seteuid() after fork, we want to drop all FDs
> opened with root privileges. 

That would make sense if we were talking about some big complicated program 
with lots open files that had suddenly decided to fork and change uid.  But we 
should understand what is going on.  Where are the FDs opened with old 
security context coming from?

There is code to reopen/dup stdin, stdout, and stderr as /dev/null
I've preserved that. 

These are my opinions.  I hate spam.

More information about the devel mailing list