Consider different way of inheriting handles in child processes on Windows

0e30a10
Opened by Peter Atashian at 2023-03-19 09:50:16

Currently to avoid handles being inherited incorrectly by child processes due to race conditions, Rust wraps the whole blob of code in a mutex to synchronize it. However, it will still accidentally inherit any handles created elsewhere that are inheritable, can cause race conditions with people creating processes using libraries other than std, and isn't very efficient.

By switching from STARTUPINFO to STARTUPINFOEX, we can pass a value for lpAttributeList and that attribute list can specify an explicit list of handles to inherit. For more information on this, see https://blogs.msdn.microsoft.com/oldnewthing/20111216-00/?p=8873

Unfortunately this does require Vista, so XP users will lose out.
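The STARTUPINFOEX / lpAttributeList mechanism described above, as an added example that is not part of the issue or of Rust std's implementation. It hand-declares the handful of kernel32 functions and structs it needs (assumed to have their standard Win32 signatures, so no external crate is required); `handle_list`, `spawn_with_handles` and the `cmd.exe` usage are this example's own names, not an API the thread proposes. It goes slightly beyond the issue text by also taking an explicit list of extra handles, which is the "ask for a handle to be inherited" API discussed later in the thread:

```rust
// Added example, not code from Rust std or the issue thread: spawn a Windows child that
// inherits only an explicit handle list, via STARTUPINFOEXW + PROC_THREAD_ATTRIBUTE_HANDLE_LIST.
// Win32 bindings are declared by hand (assumption: standard kernel32 signatures); no crate needed.
use std::collections::HashSet;

/// Portable helper: normalise the handle array. Duplicates and the NULL / INVALID_HANDLE_VALUE
/// placeholders are dropped (defensive: a malformed list fails with ERROR_INVALID_PARAMETER).
pub fn handle_list(handles: &[usize]) -> Vec<usize> {
    let mut seen = HashSet::new();
    handles.iter().copied()
        .filter(|&h| h != 0 && h != usize::MAX) // INVALID_HANDLE_VALUE is (HANDLE)-1
        .filter(|&h| seen.insert(h))
        .collect()
}

#[cfg(windows)]
pub mod win {
    use std::ffi::{c_void, OsStr};
    use std::os::windows::ffi::OsStrExt;
    use std::{mem, ptr};

    pub type HANDLE = *mut c_void;
    type BOOL = i32;
    #[repr(C)]
    pub struct StartupInfoW { cb: u32, reserved: *mut u16, desktop: *mut u16, title: *mut u16,
        x: u32, y: u32, x_size: u32, y_size: u32, x_chars: u32, y_chars: u32, fill: u32, flags: u32,
        show: u16, cb_reserved2: u16, reserved2: *mut u8, stdin: HANDLE, stdout: HANDLE, stderr: HANDLE }
    #[repr(C)] struct StartupInfoExW { si: StartupInfoW, attr_list: *mut c_void }
    #[repr(C)] struct ProcessInformation { process: HANDLE, thread: HANDLE, pid: u32, tid: u32 }

    const PROC_THREAD_ATTRIBUTE_HANDLE_LIST: usize = 0x0002_0002;
    const EXTENDED_STARTUPINFO_PRESENT: u32 = 0x0008_0000;
    const STARTF_USESTDHANDLES: u32 = 0x100;
    const HANDLE_FLAG_INHERIT: u32 = 0x1;

    #[link(name = "kernel32")]
    extern "system" {
        fn InitializeProcThreadAttributeList(l: *mut c_void, n: u32, f: u32, size: *mut usize) -> BOOL;
        fn UpdateProcThreadAttribute(l: *mut c_void, f: u32, attr: usize, val: *const c_void,
                                     len: usize, prev: *mut c_void, ret: *mut usize) -> BOOL;
        fn DeleteProcThreadAttributeList(l: *mut c_void);
        fn SetHandleInformation(h: HANDLE, mask: u32, flags: u32) -> BOOL;
        fn CreateProcessW(app: *const u16, cmd: *mut u16, pa: *const c_void, ta: *const c_void,
                          inherit: BOOL, flags: u32, env: *mut c_void, cwd: *const u16,
                          si: *const StartupInfoW, pi: *mut ProcessInformation) -> BOOL;
        fn CloseHandle(h: HANDLE) -> BOOL;
        fn GetLastError() -> u32;
        pub fn GetStdHandle(n: u32) -> HANDLE;
    }

    /// Spawn `cmdline`: the child gets `stdio` as its standard handles plus `extra`, and no
    /// other handle from this process, however many inheritable handles exist here.
    pub fn spawn_with_handles(cmdline: &str, stdio: [HANDLE; 3], extra: &[HANDLE]) -> Result<u32, u32> {
        // The stdio handles must be in the list as well, or CreateProcessW rejects the call.
        let all: Vec<usize> = stdio.iter().chain(extra).map(|&h| h as usize).collect();
        let list = super::handle_list(&all);
        unsafe {
            for &h in &list { // the list only selects among *inheritable* handles: flag each one
                if SetHandleInformation(h as HANDLE, HANDLE_FLAG_INHERIT, HANDLE_FLAG_INHERIT) == 0 {
                    return Err(GetLastError());
                }
            }
            // Two-call pattern: the first call only reports the buffer size required.
            let mut size = 0usize;
            InitializeProcThreadAttributeList(ptr::null_mut(), 1, 0, &mut size);
            let mut buf = vec![0u8; size];
            let attrs = buf.as_mut_ptr() as *mut c_void;
            if InitializeProcThreadAttributeList(attrs, 1, 0, &mut size) == 0 { return Err(GetLastError()); }
            let rc = UpdateProcThreadAttribute(attrs, 0, PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
                list.as_ptr() as *const c_void, list.len() * mem::size_of::<HANDLE>(),
                ptr::null_mut(), ptr::null_mut());
            let result = if rc == 0 { Err(GetLastError()) } else {
                let mut siex: StartupInfoExW = mem::zeroed();
                siex.si.cb = mem::size_of::<StartupInfoExW>() as u32; // the EX size, not STARTUPINFOW's
                siex.si.flags = STARTF_USESTDHANDLES;
                siex.si.stdin = stdio[0]; siex.si.stdout = stdio[1]; siex.si.stderr = stdio[2];
                siex.attr_list = attrs;
                let mut cmd: Vec<u16> = OsStr::new(cmdline).encode_wide().chain(Some(0)).collect();
                let mut pi: ProcessInformation = mem::zeroed();
                // bInheritHandles must still be TRUE; the attribute list narrows what is inherited.
                if CreateProcessW(ptr::null(), cmd.as_mut_ptr(), ptr::null(), ptr::null(), 1,
                    EXTENDED_STARTUPINFO_PRESENT, ptr::null_mut(), ptr::null(), &siex.si, &mut pi) == 0 {
                    Err(GetLastError())
                } else { CloseHandle(pi.thread); CloseHandle(pi.process); Ok(pi.pid) }
            };
            DeleteProcThreadAttributeList(attrs); // free only after CreateProcessW has returned
            result
        }
    }
}

#[cfg(windows)]
fn main() {
    // Constructed usage: the child inherits this process's stdio triple and nothing else.
    let h = |n: i32| unsafe { win::GetStdHandle(n as u32) };
    let stdio = [h(-10), h(-11), h(-12)]; // STD_INPUT_HANDLE, STD_OUTPUT_HANDLE, STD_ERROR_HANDLE
    println!("{:?}", win::spawn_with_handles("cmd.exe /c echo only stdio inherited", stdio, &[]));
}
#[cfg(not(windows))]
fn main() {}
```

Two details are what usually trip people up with this API: the attribute list does not make a handle inheritable, it only chooses among handles that already have HANDLE_FLAG_INHERIT set (so `bInheritHandles` stays TRUE and each listed handle is flagged first), and the stdio handles passed through STARTF_USESTDHANDLES have to appear in the list themselves. Because the kernel takes its snapshot from the list rather than from every inheritable handle in the process, a concurrent `CreateProcess` from another library cannot leak this process's other handles into this child, which is the race the mutex in std currently guards against.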

  1. This seems like a worthwhile implementation to me. We've got lots of fallbacks all over the place to support older OSes, but supporting XP isn't required so I'd also be fine with a patch to just switch to this.

    This would also bring Windows in line with Unix, which essentially is already using the equivalent of this.

    Alex Crichton at 2016-12-09 01:48:13

  2. What is the API vision here? Does std::process::Command::spawn decide which handles to pass down by itself or can an engineer ask for a handle to be inherited explicitly?

    Kostia Balytskyi at 2018-11-14 14:12:26

  3. Ideally it would know which of the stdio handles it would have to pass down by itself, but would also provide an API for the programmer to ask for additional handles to be inherited.

    Peter Atashian at 2018-11-14 16:34:15

  4. This will be enabled by #88193 but it would be good if this had a dedicated API. It'd be nice to do this by default too but that may be too breaking.

    @rustbot label +T-libs-api

    Chris Denton at 2022-03-09 01:55:57

  5. This would also bring Windows in line with Unix, which essentially is already using the equivalent of this.

    No, Unixoid semantics are worse: Before clone() and until parent closes the to-be-inherited descriptor there is plenty of time to leak. This would make the mutex obsolete on Windows, but still necessary on Linux.

    At least joshtriplett hinted at some Linux kernel experiments he is doing related to that.

    Jan Ph. H. at 2023-01-07 20:51:01