[bug #27375] find leaks fds to child processes
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
[bug #27375] find leaks fds to child processes
by INVALID.NOREPLY
::
Rate this Message:
URL: <http://savannah.gnu.org/bugs/?27375> Summary: find leaks fds to child processes Project: findutils Submitted by: ericb Submitted on: Wed 02 Sep 2009 03:37:26 PM MDT Category: find Severity: 3 - Normal Item Group: Wrong result Status: Confirmed Privacy: Public Assigned to: ericb Originator Name: Eric Blake Originator Email: ebb9@... Open/Closed: Open Discussion Lock: Any Release: None Fixed Release: None _______________________________________________________ Details: Find currently leaks directory fds to child processes. This could be considered a minor security hole, since a rogue child could fchdir into a directory that would otherwise be inaccessible, or even play games such as using rewinddir(fdopendir(n)) on a leaked fd to change the state visible if the parent later calls readdir on the same underlying fd. Also, the leak puts the child that much closer to hitting EMFILE limits. $ find dir -exec ls -l /proc/self/fd \; total 0 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 0 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 1 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 2 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 3 -> /home/eblake/findutils lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 4 -> /proc/8064/fd total 0 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 0 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 1 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 2 -> /dev/tty1 lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 3 -> /home/eblake/findutils lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 4 -> /proc/69896/fd lrwxrwxrwx 1 eblake Domain Users 0 Nov 30 2006 5 -> /home/eblake/findutils/dir _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?27375> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ |
|
|
[bug #27375] find leaks fds to child processes
by INVALID.NOREPLY
::
Rate this Message:
Follow-up Comment #1, bug #27375 (project findutils): This patch fixes part of the leak; the other part comes from updating gnulib to pick up my patch to plug fts. Still needs NEWS and a testsuite addition (ls /proc/self/fd is cute, but it would be nice if there were something more portable. Using -exec sh -c 'exec 4<&3' ; and checking for an error message from sh relating to failure to clone fd 3 from sh may be a bit better, but that is still not portable to all shells). (file #18671) _______________________________________________________ Additional Item Attachment: File name: findutils.patch1 Size:3 KB _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/bugs/?27375> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/ |
| Free embeddable forum powered by Nabble | Forum Help |
