On 02/13/2018 08:50 AM, Peter Maydell wrote:
> On 13 February 2018 at 16:43, Peter Maydell <[email protected]> wrote:
>> OTOH, maybe we should just go ahead without weird games with dup2 and
>> see whether any real code gets confused...
>
> Here's some real-world code that would break with this patch
> as it stands, though dup2 games wouldn't be the fix in this case:
> https://github.com/xinetd-org/xinetd/blob/master/xinetd/init.c#L79
>
> (it iterates through all fds above 2 closing them, and we don't
> protect against the guest being able to perform syscalls on
> interp_dirfd)

Hmm. I suppose we could maintain a fd_set of valid guest fd's, and check every guest operation vs that set. Or special-case interp_dirfd with EBADF. Thoughts before I attempt either?

r~
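
Added example, not part of the original message and not QEMU's code: a minimal sketch of the second option above, where an emulator-private descriptor answers EBADF to the guest so that a close-everything-above-2 loop cannot take it away. `interp_dirfd` is the name used in the thread; `fd_is_reserved`, `guest_close`, `guest_fd_valid` and the demo function are hypothetical, and the loop is a constructed stand-in for the guest's behaviour.

```c
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

/* Emulator-private host descriptor; name taken from the thread. */
static int interp_dirfd = -1;

/* Hypothetical helper: 1 if the guest must not see or touch this fd. */
static int fd_is_reserved(int fd)
{
    return interp_dirfd >= 0 && fd == interp_dirfd;
}

/* Guest-facing close(): a reserved fd looks unopened to the guest. */
static int guest_close(int fd)
{
    if (fd_is_reserved(fd)) { errno = EBADF; return -1; }
    return close(fd);
}

/* Guest-facing validity probe (fcntl F_GETFD), guarded the same way. */
static int guest_fd_valid(int fd)
{
    if (fd_is_reserved(fd)) { errno = EBADF; return 0; }
    return fcntl(fd, F_GETFD) != -1;
}

/* Constructed guest behaviour: close every fd above 2, daemon-style.
 * Returns 1 if the private fd survived, the ordinary guest fd was closed,
 * and the private fd is invisible to the guest. */
static int demo_private_fd_survives(void)
{
    interp_dirfd = open("/", O_RDONLY);
    int guest_fd = open("/", O_RDONLY);
    if (interp_dirfd < 0 || guest_fd < 0)
        return -1;
    for (int fd = 3; fd <= guest_fd; fd++)
        guest_close(fd);
    int ok = fcntl(interp_dirfd, F_GETFD) != -1   /* host side: still open */
          && fcntl(guest_fd, F_GETFD) == -1       /* guest fd: closed */
          && !guest_fd_valid(interp_dirfd);       /* guest view: EBADF */
    close(interp_dirfd);
    interp_dirfd = -1;
    return ok;
}

int main(void) { return demo_private_fd_survives() == 1 ? 0 : 1; }
```

The same guard has to sit in front of every guest syscall that takes a descriptor (dup2, fcntl, read, and so on), which is the cost the fd_set alternative trades against.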
