From 09dadce4fee15148a9f3a6969d15a0db8afe75bc Mon Sep 17 00:00:00 2001 From: Mateusz Poliwczak Date: Wed, 11 Mar 2026 20:17:51 +0100 Subject: [PATCH] runtime: std FDs are always opened, not only when AT_SECURE is set Updates #60641 Change-Id: I0340a561690a2b45e27a82dc15479b846a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/754400 LUCI-TryBot-Result: Go LUCI Reviewed-by: Keith Randall Reviewed-by: Keith Randall Auto-Submit: Keith Randall Reviewed-by: Dmitri Shuralyov --- src/runtime/extern.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/runtime/extern.go b/src/runtime/extern.go index a9f97a1a04..a69f4aaede 100644 --- a/src/runtime/extern.go +++ b/src/runtime/extern.go @@ -280,16 +280,18 @@ AT_SECURE flag in the auxiliary vector, on the BSDs and Solaris/Illumos it is determined by checking the issetugid syscall, and on AIX it is determined by checking if the uid/gid match the effective uid/gid. -When the runtime determines the binary is setuid/setgid-like, it does three main +When the runtime determines the binary is setuid/setgid-like, it does two main things: - - The standard input/output file descriptors (0, 1, 2) are checked to be open. - If any of them are closed, they are opened pointing at /dev/null. - The value of the GOTRACEBACK environment variable is set to 'none'. - When a signal is received that terminates the program, or the program encounters an unrecoverable panic that would otherwise override the value of GOTRACEBACK, the goroutine stack, registers, and other memory related information are omitted. +Additinally on Unix platforms the Go runtime automatically checks whether +the standard input/output file descriptors (0, 1, 2) are open. If any of them are +closed, they are opened pointing at /dev/null. + [Race Detector article]: https://go.dev/doc/articles/race_detector */ package runtime
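Review bot: The added paragraph at the end of the hunk misspells "Additinally"; it should read "Additionally, on Unix platforms the Go runtime ...". The paragraph also follows directly after the setuid/setgid-like list, so a reader can still take the file descriptor check as part of that mode. The subject line says the check happens "not only when AT_SECURE is set", so the text should say as much, for example "regardless of whether the binary is setuid/setgid-like". Since this comment sits in the security section of the runtime documentation, a short clause on why closed descriptors 0, 1 and 2 are reopened on /dev/null would also help: as written, the reason the check exists is no longer stated anywhere in the visible text.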