It would be interesting to patch the fork(2) manual page to do the same thing in the EXAMPLES section. Would you mind sending a patch to linux-man@ too?

Since nobody commented, I'll merge now. Thanks!

It would be interesting to patch the fork(2) manual page to do the same thing in the EXAMPLES section. Would you mind sending a patch to linux-man@ too?

I've looked at the EXAMPLES section now, but I'm not sure if it really helps there. No exec call is performed and the whole main-function is printed without any atexit calls. Leaving the forked process with exit in this case is no problem and introducing _exit might make the code less readable or more confusing imho.

It would be interesting to patch the fork(2) manual page to do the same thing in the EXAMPLES section. Would you mind sending a patch to linux-man@ too?

I've looked at the EXAMPLES section now, but I'm not sure if it really helps there. No exec call is performed and the whole main-function is printed without any atexit calls. Leaving the forked process with exit in this case is no problem and introducing _exit might make the code less readable or more confusing imho.

I guess _exit(2) is never wrong there? Or is it sometimes wrong? If _exit(2) is always better (or at least equivalent), maybe it would be good to show it in the example, to promote it. And in the commit message we could add a detailed explanation.

What do you think?

I guess _exit(2) is never wrong there? Or is it sometimes wrong? If _exit(2) is always better (or at least equivalent), maybe it would be good to show it in the example, to promote it. And in the commit message we could add a detailed explanation.

What do you think?

I'll prepare a patch. Promoting that _exit exists might help people out there to at least read its manual page. We can discuss this further on man-pages mailing list if needed.

I guess _exit(2) is never wrong there? Or is it sometimes wrong? If _exit(2) is always better (or at least equivalent), maybe it would be good to show it in the example, to promote it. And in the commit message we could add a detailed explanation.
What do you think?

I'll prepare a patch. Promoting that _exit exists might help people out there to at least read its manual page. We can discuss this further on man-pages mailing list if needed.

Thanks!

Indeed, I knew it existed, but had only seen it sporadically, and never knew what it was really good for, until you sent this PR. Using it in the manual page will hopefully help people know about it, and give it more visibility.

Doesn't use of glibc extensions break functioning with non-glibc, like musl?

Isn't it safer to use constructs like

shadow = fopen (SGROUP_FILE, "re");
if (NULL == shadow )
  shadow = fopen (SGROUP_FILE, "r");

?

Or, alternatively, detect extension in configure?

Hi,

On Mon, Feb 17, 2025 at 10:42:11AM +0100, Alejandro Colomar wrote:

On Sun, Feb 16, 2025 at 06:15:18PM -0800, Karlson2k wrote:

Karlson2k left a comment (#1171)

Doesn't use of glibc extensions break functioning with non-glibc, like musl?

After reading musl's source code, it does support 'e'. And it does so
since 2012. Which libc are you using? And which version?

        alx@devuan:~/src/musl/libc/master$ grepc fopen .
        ./include/stdio.h:FILE *fopen(const char *__restrict, const char *__restrict);
        ./src/stdio/fopen.c:FILE *fopen(const char *restrict filename, const char *restrict mode)
        {
                FILE *f;
                int fd;
                int flags;

                /* Check for valid initial mode character */
                if (!strchr("rwa", *mode)) {
                        errno = EINVAL;
                        return 0;
                }

                /* Compute the flags to pass to open() */
                flags = __fmodeflags(mode);

                fd = sys_open(filename, flags, 0666);
                if (fd < 0) return 0;
                if (flags & O_CLOEXEC)
                        __syscall(SYS_fcntl, fd, F_SETFD, FD_CLOEXEC);

                f = __fdopen(fd, mode);
                if (f) return f;

                __syscall(SYS_close, fd);
                return 0;
        }

        alx@devuan:~/src/musl/libc/master$ grepc __fmodeflags .
        ./src/stdio/__fmodeflags.c:int __fmodeflags(const char *mode)
        {
                int flags;
                if (strchr(mode, '+')) flags = O_RDWR;
                else if (*mode == 'r') flags = O_RDONLY;
                else flags = O_WRONLY;
                if (strchr(mode, 'x')) flags |= O_EXCL;
                if (strchr(mode, 'e')) flags |= O_CLOEXEC;
                if (*mode != 'r') flags |= O_CREAT;
                if (*mode == 'w') flags |= O_TRUNC;
                if (*mode == 'a') flags |= O_APPEND;
                return flags;
        }
        ./src/internal/stdio_impl.h:hidden int __fmodeflags(const char *);

        alx@devuan:~/src/musl/libc/master$ git blame -- src/stdio/__fmodeflags.c | grep CLOEXEC
        892cafff6 (Rich Felker 2012-10-24 21:16:06 -0400 11)    if (strchr(mode, 'e')) flags |= O_CLOEXEC;

        alx@devuan:~/src/musl/libc/master$ git show 892cafff6 | grep -e CLOEXEC -e ^diff | head -n5
        diff --git a/src/internal/stdio_impl.h b/src/internal/stdio_impl.h
        diff --git a/src/stdio/__fmodeflags.c b/src/stdio/__fmodeflags.c
        +       if (strchr(mode, 'e')) flags |= O_CLOEXEC;
        diff --git a/src/stdio/fopen.c b/src/stdio/fopen.c
        -       if (strchr(mode, 'e')) flags |= O_CLOEXEC;

        alx@devuan:~/src/musl/libc/master$ git blame 892cafff6^ -- src/stdio/fopen.c | grep CLOEXEC
        8582a6e9f (Rich Felker 2012-09-29 18:09:34 -0400 20)    if (strchr(mode, 'e')) flags |= O_CLOEXEC;

        alx@devuan:~/src/musl/libc/master$ git log -1 8582a6e9f
        commit 8582a6e9f25dd7b87d72961f58008052a4cac473
        Author: Rich Felker <dalias@aerifal.cx>
        Date:   Sat Sep 29 18:09:34 2012 -0400

            add 'e' modifier (close-on-exec) to fopen and fdopen

            this feature will be in the next version of POSIX, and can be used
            internally immediately. there are many internal uses of fopen where
            close-on-exec is needed to fix bugs.

Cheers,
Alex

On GNU/Linux I'm using glibc mainly, but my comment is not related to my specific use.

The generic approach to writing reliable portable software:

• do not use private extension if possible (they are unportable by their nature and could be even removed in new releases)
• if private extension is important, test for extension availability before use
• do not blindly use standard features if the standard is new, check for feature availability instead
• use fallback paths if possible

Talking about this flag. It is supported by glibc, musl and uclibc-ng. Not supported by dietlibc.

On GNU/Linux I'm using glibc mainly, but my comment is not related to my specific use.

The generic approach to writing reliable portable software:

* do not use private extension if possible (they are unportable by their nature and could be even removed in new releases)

* if private extension is important, test for extension availability before use

* do not blindly use standard features if the standard is new, check for feature availability instead

* use fallback paths if possible

We make compromises between portability and security/safety. For portability reasons, one could argue using the ISO C89 dialect (we even had some fallback code for K&R C compilers until a few weeks ago), but that would result in code that is more unsafe. Fallback code also results in many untested paths, so we avoid it unless its really important.

Since this extension is old (available in glibc since 2007, and in musl since 2012), and it provides important security features, and it has been standardized, I think it's okay to use it.

Even back in 2012, it had already been accepted into the next POSIX standard (which would eventually become POSIX.1-2024), as the commit message from musl documents:

        commit 8582a6e9f25dd7b87d72961f58008052a4cac473
        Author: Rich Felker <dalias@aerifal.cx>
        Date:   Sat Sep 29 18:09:34 2012 -0400

            add 'e' modifier (close-on-exec) to fopen and fdopen

            this feature will be in the next version of POSIX, and can be used
            internally immediately. there are many internal uses of fopen where
            close-on-exec is needed to fix bugs.

Talking about this flag. It is supported by glibc, musl and uclibc-ng. Not supported by dietlibc.

Good; it has wide support. dietlibc should implement it.

Sure, it is up to maintainers whether to improve code portability or wait for others to adapt. 😉
On the other hand, the code already has a number of uses of unportable (or not fully portable) features, so this particular part is not a problem as the whole code may work only in specific environments, where these extensions are automatically available.

As a sanity check, the major BSDs (Free,Net,Open) also support e. MirBSD doesn't document it. Let's CC its maintainer: @mirabilos.

Thorsten, is it an undocumented feature? Or does MirBSD not implement O_CLOEXEC in fopen(3)?

Anyone feel free to contact the dietlibc maintainer(s) to ask them to support this POSIX feature.