runtime: std FDs are always opened, not only when AT_SECURE is set

Updates #60641

Change-Id: I0340a561690a2b45e27a82dc15479b846a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/754400
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Keith Randall <khr@golang.org>
Reviewed-by: Keith Randall <khr@google.com>
Auto-Submit: Keith Randall <khr@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

1 files changed, 5 insertions, 3 deletions

diff --git a/src/runtime/extern.go b/src/runtime/extern.go
index a9f97a1a04..a69f4aaede 100644
--- a/src/runtime/extern.go
+++ b/src/runtime/extern.go
@@ -280,16 +280,18 @@ AT_SECURE flag in the auxiliary vector, on the BSDs and Solaris/Illumos it is
 determined by checking the issetugid syscall, and on AIX it is determined by
 checking if the uid/gid match the effective uid/gid.
 
-When the runtime determines the binary is setuid/setgid-like, it does three main
+When the runtime determines the binary is setuid/setgid-like, it does two main
 things:
-  - The standard input/output file descriptors (0, 1, 2) are checked to be open.
-    If any of them are closed, they are opened pointing at /dev/null.
   - The value of the GOTRACEBACK environment variable is set to 'none'.
   - When a signal is received that terminates the program, or the program
     encounters an unrecoverable panic that would otherwise override the value
     of GOTRACEBACK, the goroutine stack, registers, and other memory related
     information are omitted.
 
+Additinally on Unix platforms the Go runtime automatically checks whether
+the standard input/output file descriptors (0, 1, 2) are open. If any of them are
+closed, they are opened pointing at /dev/null.
+
 [Race Detector article]: https://go.dev/doc/articles/race_detector
 */
 package runtime