syscall: don’t close fd 0 on ForkExec error

[FiloSottile]

When a Go program running on a Unix system is out of file descriptors and calls syscall.ForkExec (including indirectly by using the os/exec package), syscall.ForkExec can close file descriptor 0 as it fails. If this happens (or can be provoked) repeatedly, it can result in misdirected I/O such as writing network traffic intended for one connection to a different connection, or content intended for one file to a different one.

For users who cannot immediately update to the new release, the bug can be mitigated by raising the per-process file descriptor limit.

Thank you to Tomasz Maczukin and Kamil Trzciński of GitLab for reporting this issue.

This is CVE-2021-44717 and is fixed in Go 1.17.5 and Go 1.16.12.

[gopherbot]

Change https://golang.org/cl/370515 mentions this issue: [release-branch.go1.16] syscall: avoid writing to p when Pipe(p) fails

[gopherbot]

Change https://golang.org/cl/370514 mentions this issue: [release-branch.go1.16] syscall: fix ForkLock spurious close(0) on pipe failure

[gopherbot]

Change https://golang.org/cl/370535 mentions this issue: [release-branch.go1.17] syscall: avoid writing to p when Pipe(p) fails

[gopherbot]

Change https://golang.org/cl/370534 mentions this issue: [release-branch.go1.17] syscall: fix ForkLock spurious close(0) on pipe failure

[gopherbot]

Change https://golang.org/cl/370576 mentions this issue: syscall: fix ForkLock spurious close(0) on pipe failure

[gopherbot]

Change https://golang.org/cl/370577 mentions this issue: syscall: avoid writing to p when Pipe(p) fails

[gopherbot]

Change https://golang.org/cl/370614 mentions this issue: unix, plan9: avoid writing to p when Pipe(p) fails