runInteractiveProcess broken with >2 processes on POSIX

Using runInteractiveProcess to build pipelines involving >2 processes doesn't work due to not closing enough FDs in the child post-fork.

Initial problem report:

http://news.gmane.org/find-root.php?group=gmane.comp.lang.haskell.cafe&article=30209

Suggested fix:

http://news.gmane.org/find-root.php?group=gmane.comp.lang.haskell.cafe&article=30241

Trac metadata

Trac field	Value
Version	6.6.1
Type	Bug
TypeOfFailure	OtherFailure
Priority	normal
Resolution	Unresolved
Component	Compiler
Test case
Differential revisions
BlockedBy
Related
Blocking
CC	jgoerzen@complete.org
Operating system	Linux
Architecture	x86

mentioned in issue #1415 (closed)

changed weight to 5

added Tbug Trac import labels

changed milestone to %6.8 branch

Thanks for the report! This sounds like it's just a bug fix to me, so I'm putting it in the 6.8 milestone.

Trac metadata

Trac field	Value
Component	Compiler → libraries/process

changed milestone to %6.8.3

See also #1415 (closed)

It would be nice to have it fixed. Last time I stepped on it I had to resort to using runProcess "sh" ["cmd1 | cmd2"] and deal with escaping the parameters. It would also be nice to be able to set a Handle into blocking mode. This way I could pass a Handle returned from runInteractiveProcess to an invocation of runProcess to form a pipe.

mentioned in issue #2155 (closed)

See also the probably-duplicate #2155 (closed).

mentioned in issue #2220 (closed)

See also #2220 (closed).

A C programmer would be able to close any/all FDs between forking and execing; here, with the two operations folded into one, *not* closing FDs by default becomes an unavoidable security hole as well as everything else.

I'd argue that not closing them violates the principle of having security by default - anyone who cares about FDs will know to mark them as not-automatically-closed; anyone who doesn't will likely be very surprised when a subprocess uses one they left over to overwrite their database, even by accident.

Trac metadata

Trac field	Value
Operating system	Linux → Multiple
Architecture	x86 → Multiple

assigned to @simonmar

assigned to @trac-igloo and unassigned @simonmar

Please merge these two:

Mon Apr 28 14:59:04 PDT 2008  Simon Marlow <simonmarhaskell@gmail.com>
  * FIX #1780: set pipe descriptors FD_CLOEXEC in the parent

Tue Apr 22 13:47:19 PDT 2008  Simon Marlow <simonmarhaskell@gmail.com>
  * don't set O_NONBLOCK on FDs passed to fdToHandle

Trac metadata

Trac field	Value
Type	Bug → MergeReq

added backport label and removed Tbug label

closed

Both merged

Trac metadata

Trac field	Value
Resolution	Unresolved → ResolvedFixed

Trac metadata

Trac field	Value
Architecture	Multiple → Unknown/Multiple

Trac metadata

Trac field	Value
Operating system	Multiple → Unknown/Multiple

added Pnormal label