runInteractiveProcess broken with >2 processes on POSIX

[guest]

Using runInteractiveProcess to build pipelines involving >2 processes doesn't work due to not closing enough FDs in the child post-fork.

Initial problem report:

 http://news.gmane.org/find-root.php?group=gmane.comp.lang.haskell.cafe&article=30209

Suggested fix:

 http://news.gmane.org/find-root.php?group=gmane.comp.lang.haskell.cafe&article=30241

[igloo]

Thanks for the report! This sounds like it's just a bug fix to me, so I'm putting it in the 6.8 milestone.

[simonmar]

See also #1415

[michal.palka]

It would be nice to have it fixed. Last time I stepped on it I had to resort to using runProcess "sh" ["cmd1 | cmd2"] and deal with escaping the parameters. It would also be nice to be able to set a Handle into blocking mode. This way I could pass a Handle returned from runInteractiveProcess to an invocation of runProcess to form a pipe.

[simonmar]

See also the probably-duplicate #2155.

[simonmar]

See also #2220.

[Baughn]

A C programmer would be able to close any/all FDs between forking and execing; here, with the two operations folded into one, *not* closing FDs by default becomes an unavoidable security hole as well as everything else.

I'd argue that not closing them violates the principle of having security by default - anyone who cares about FDs will know to mark them as not-automatically-closed; anyone who doesn't will likely be very surprised when a subprocess uses one they left over to overwrite their database, even by accident.

[simonmar]

Please merge these two:

Mon Apr 28 14:59:04 PDT 2008  Simon Marlow <simonmarhaskell@gmail.com>
  * FIX #1780: set pipe descriptors FD_CLOEXEC in the parent

Tue Apr 22 13:47:19 PDT 2008  Simon Marlow <simonmarhaskell@gmail.com>
  * don't set O_NONBLOCK on FDs passed to fdToHandle

[igloo]

Both merged