Don't rely on file descriptors 0, 1, and 2 remaining closed in a
subsidiary program. If any of these descriptors is closed, the
operating system may open an unspecified file for the descriptor in the
-new process image. Posix says this may be done only if the subsidiary
-program is set-user-ID or set-group-ID, but HP-UX 11.23 does
-it even for ordinary programs.
-
-Don't rely on open file descriptors being open in child processes. In
-@command{ksh}, file descriptors above 2 which are opened using
+new process image. Posix 2008 says this may be done only if the
+subsidiary program is set-user-ID or set-group-ID, but HP-UX 11.23 does
+it even for ordinary programs, and the next version of Posix will allow
+HP-UX behavior.
+
+If you want a file descriptor above 2 to be inherited into a child
+process, then you must use redirections specific to that command or a
+containing subshell or command group, rather than relying on
+@command{exec} in the shell. In @command{ksh} as well as HP-UX
+@command{sh}, file descriptors above 2 which are opened using
@samp{exec @var{n}>file} are closed by a subsequent @samp{exec} (such as
-that involved in the fork-and-exec which runs a program or script).
-Thus, using @command{sh}, we have:
+that involved in the fork-and-exec which runs a program or script):
@example
-$ @kbd{cat ./descrips}
-#!/bin/sh -
-echo hello >&5
-$ @kbd{exec 5>t}
-$ @kbd{./descrips}
-$ @kbd{cat t}
+$ @kbd{echo 'echo hello >&5' >k
+$ @kbd{/bin/sh -c 'exec 5>t; ksh ./k; exec 5>&-; cat t}
hello
-$
-@end example
-
-@noindent
-But using ksh:
-
-@example
-$ @kbd{exec 5>t}
-$ @kbd{./descrips}
+$ @kbd{bash -c 'exec 5>t; ksh ./k; exec 5>&-; cat t}
+hello
+$ @kbd{ksh -c 'exec 5>t; ksh ./k; exec 5>&-; cat t}
+./k[1]: 5: cannot open [Bad file number]
+$ @kbd{ksh -c '(ksh ./k) 5>t; cat t'}
+hello
+$ @kbd{ksh -c '@{ ksh ./k; @} 5>t; cat t'}
+hello
+$ @kbd{ksh -c '5>t ksh ./k; cat t}
hello
-$ @kbd{cat t}
-$
@end example
-@noindent
-Within the process which runs the @samp{descrips} script, file
-descriptor 5 is closed.
-
Don't rely on duplicating a closed file descriptor to cause an
-error. With Solaris @command{/bin/sh}, when the redirection fails, the
-output goes to the original file descriptor.
+error. With Solaris @command{/bin/sh}, failed duplication is silently
+ignored, which can cause unintended leaks to the original file
+descriptor. In this example, observe the leak to standard output:
@example
$ @kbd{bash -c 'echo hi >&3' 3>&-; echo $?}
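Review bot: The first added command in the rewritten @example, "$ @kbd{echo 'echo hello >&5' >k", never closes its @kbd brace, so the Texinfo is unbalanced there and needs a trailing "}". Four of the other added commands also drop the closing single quote before the brace: the "/bin/sh -c", "bash -c" and first "ksh -c" lines that end in "cat t}", and "ksh -c '5>t ksh ./k; cat t}". The subshell and command-group lines end correctly in "cat t'}", so the fix is to make the rest match. As written, a reader who pastes these commands gets an unterminated string instead of the output shown, which defeats an example whose whole purpose is to show exactly when descriptor 5 survives into the child.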