File descriptor

What is a file descriptor?

A file descriptor is a small number an operating system assigns to an open file or other input/output (I/O) resource so a program can read from or write to it. These resources can include files, sockets, pipes, terminals, and other I/O endpoints.

For each process, the kernel maintains a file descriptor table that maps these integers to their underlying resources. This table allows the kernel to track which resources are open and how each process is using them.

When a program performs I/O operations using system calls like read(), write(), or close(), it passes a file descriptor as an argument. The file descriptor tells the kernel which open resource the operation should apply to.

File descriptor architecture in the kernel

By convention, every process starts with three predefined file descriptors: standard input (0), standard output (1), and standard error (2).

When a program calls open(), the kernel selects the lowest available non-negative integer and returns it as the new file descriptor. In many cases, this is 3 because 0, 1, and 2 are already reserved. However, it can be any unused number depending on which descriptors the process currently has open.

When close() is called, the kernel releases that descriptor and makes the number available for reuse.

Each process maintains its own independent set of file descriptors, so the same descriptor number can refer to different resources in different processes. An exception occurs when a process is created using fork(), because the child inherits the parent’s open file descriptors.
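
The numbering and inheritance rules above can be checked directly. The following C program is an added example, not code from the original page; it assumes a POSIX system where /dev/null can be opened, and the function names are illustrative.

```c
/* Added example: descriptor numbering and fork() inheritance (POSIX). */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a closed descriptor number is handed out again by the
 * next open(), 0 if not, -1 on error. */
int closed_number_is_reused(void) {
    int a = open("/dev/null", O_RDONLY);   /* lowest free number */
    int b = open("/dev/null", O_RDONLY);   /* next lowest, so b > a */
    if (a < 0 || b < 0) return -1;
    close(a);                              /* a becomes free again */
    int c = open("/dev/null", O_RDONLY);   /* kernel picks the lowest free slot */
    int reused = (c == a) && (b > a);
    close(b);
    close(c);
    return reused;
}

/* Returns the byte a child wrote through a descriptor it inherited, or -1. */
int child_writes_through_inherited_fd(void) {
    int p[2];
    char got = 0;
    if (pipe(p) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                 /* child: p[1] is valid without any open() */
        close(p[0]);
        ssize_t w = write(p[1], "K", 1);
        _exit(w == 1 ? 0 : 1);
    }
    close(p[1]);                    /* parent keeps only the read end */
    ssize_t n = read(p[0], &got, 1);
    close(p[0]);
    waitpid(pid, NULL, 0);
    return n == 1 ? got : -1;
}

int main(void) {
    printf("reused=%d\n", closed_number_is_reused());
    printf("inherited byte=%c\n", child_writes_through_inherited_fd());
    return 0;
}
```

The test deliberately does not assume the first free number is 3, since that depends on what the process already has open.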

Why is a file descriptor important?

File descriptors help the operating system manage how programs use files and share data by:

  • Supporting isolation between processes: A file descriptor keeps each program’s files and connections separate so programs don’t interfere with each other.
  • Managing system resources: It lets the system track open files, sockets, and pipes for each program, which helps prevent leaks and conflicts.
  • Improving I/O flexibility: File descriptors allow input and output redirection so users and scripts can control where data comes from and goes.
  • Enforcing permission checks: A file descriptor forces the operating system to verify access rights before allowing read or write operations.

Where are file descriptors used?

File descriptors are used by many types of software to manage access to files, network connections, and other I/O resources. Some common contexts where they appear include:

  • Web servers: Web servers use file descriptors to keep track of each open socket and file.
  • Containers and sandboxed applications: These run isolated applications that use file descriptors to access files and communicate with the outside world.
  • Security tools: Some security tools list all open file descriptors for processes to help debug and monitor activity.
  • Malware analysis and incident response: Analysts use file descriptors to see what files, sockets, or pipes a suspicious process has open when investigating.

Risks and privacy concerns

File descriptors streamline process operations, but poor handling can create security and privacy problems:

  • Exposed data from file descriptor leaks: Child processes may inherit access to files or sockets they shouldn’t see from parent processes, which could let them read or modify data unexpectedly.
  • Container escape vulnerabilities: Leaked file descriptors can let attackers inside a container access or manipulate the host filesystem, undermining isolation and system security.
  • Denial-of-service through exhaustion: Attackers can open many sockets or files until a process runs out of available file descriptors, causing it to crash or become unresponsive.
  • Race conditions and misuse: Sharing descriptors between processes without careful management can create race conditions or unintended access paths that expose files to unauthorized operations.
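
The first risk in the list, a child process inheriting a descriptor it should not see, and the usual mitigation (the close-on-exec flag) look like this in C. This is an added example, not code from the original page; it assumes a system with /bin/sh and /dev/fd, and the function names are made up for illustration.

```c
/* Added example: a descriptor leaking across fork()+exec(), and O_CLOEXEC. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Opens /dev/null with extra_flags, then runs /bin/sh as a child and asks it
 * whether that descriptor number is open in the new program.
 * Returns 1 = leaked into the child, 0 = not present, -1 = error. */
int fd_leaks_into_child(int extra_flags) {
    char cmd[64];
    int status, fd = open("/dev/null", O_RDONLY | extra_flags);
    if (fd < 0) return -1;
    /* /dev/fd/N exists only while descriptor N is open in the calling process */
    snprintf(cmd, sizeof cmd, "test -e /dev/fd/%d", fd);
    pid_t pid = fork();
    if (pid < 0) { close(fd); return -1; }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);                        /* exec itself failed */
    }
    close(fd);                             /* parent no longer needs it */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    if (WEXITSTATUS(status) == 0) return 1;
    return WEXITSTATUS(status) == 1 ? 0 : -1;
}

/* Sets close-on-exec on a descriptor that was opened without it, for example
 * one handed over by a library. Returns 1 if the flag is set afterwards. */
int harden_existing_fd(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) return -1;
    return (fcntl(fd, F_GETFD) & FD_CLOEXEC) ? 1 : 0;
}

int main(void) {
    printf("plain open leaks into child: %d\n", fd_leaks_into_child(0));
    printf("O_CLOEXEC leaks into child:  %d\n", fd_leaks_into_child(O_CLOEXEC));
    return 0;
}
```

Passing O_CLOEXEC at open() time is preferable to setting the flag afterwards, because it leaves no window in which another thread can fork() and exec() with the descriptor still inheritable.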

FAQ

What’s the difference between a file descriptor and a file handle?

A file descriptor is a simple integer that Unix-like operating systems use to refer to an open file or input/output (I/O) resource. A file handle is a broader term and is commonly used in Windows systems, where the kernel uses handles to reference open objects such as files, sockets, and other resources.

What is a “file descriptor leak”?

A file descriptor leak happens when a program opens resources like files or sockets and never closes their descriptors, which can exhaust the available descriptors over time and cause errors.

How can I list a process’s open descriptors?

On Linux, you can list a process’s open descriptors by examining entries under /proc/<PID>/fd/, which show all descriptor numbers the process currently uses.
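
The same listing can be produced programmatically, which is useful when triaging a suspicious process. The C program below is an added example, not code from the original page; it assumes Linux with /proc mounted, and count_fds is a hypothetical helper name.

```c
/* Added example: enumerate a process's descriptors from /proc/<PID>/fd (Linux). */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Walks /proc/<pid>/fd, optionally printing "fd -> target" for each entry.
 * Returns how many descriptors resolve to `needle` (or the total count when
 * needle is NULL), or -1 if the directory cannot be read. */
int count_fds(pid_t pid, const char *needle, int print) {
    char dirpath[64], target[4096];
    snprintf(dirpath, sizeof dirpath, "/proc/%ld/fd", (long)pid);
    DIR *d = opendir(dirpath);
    if (!d) return -1;                     /* no such pid, or no permission */
    int hits = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        if (e->d_name[0] == '.') continue; /* skip "." and ".." */
        /* each entry is a symlink named after the descriptor number */
        ssize_t n = readlinkat(dirfd(d), e->d_name, target, sizeof target - 1);
        if (n < 0) continue;               /* descriptor closed mid-walk */
        target[n] = '\0';
        if (print) printf("%s -> %s\n", e->d_name, target);
        if (!needle || strcmp(target, needle) == 0) hits++;
    }
    closedir(d);
    return hits;
}

int main(void) {
    int fd = open("/dev/null", O_RDONLY);  /* constructed sample descriptor */
    /* When inspecting itself, the walk also sees the descriptor opendir() uses. */
    count_fds(getpid(), NULL, 1);
    if (fd >= 0) close(fd);
    return 0;
}
```

Link targets are file paths for regular files and labels such as socket:[inode] or pipe:[inode] for other resources. Reading another user's process requires root or equivalent privileges.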
