Date: Sat, 9 Jun 2012 08:50:06 GMT From: "Jukka A. Ukkonen" <jau@oxit.fi> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/80798: mount_portal pipe leaves file descriptors open for child processes Message-ID: <201206090850.q598o6iw006147@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/80798; it has been noted by GNATS.
From: "Jukka A. Ukkonen" <jau@oxit.fi>
To: bug-followup@FreeBSD.org, hohmuth@sax.de
Cc:
Subject: Re: bin/80798: mount_portal pipe leaves file descriptors open for
child processes
Date: Sat, 09 Jun 2012 11:49:41 +0300
This is a multi-part message in MIME format.
--------------000401050508080706040807
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Greetings,
It seems that item 2 is not a real issue, because the unused
stdin is bound to /dev/null exactly as it should be to avoid
stdin being accidentally bound to some file while the child
program is running.
The same /dev/null treatment works also for stdout to avoid
accidentally writing to an unexpected file.
The stderr is directed to a pipe which in turn gets forwarded
to the syslogd.
While the item 1 has been an anomaly it has not been a big
issue. The only extra fds left for the child program have been
a read-only descriptor to /etc/fstab and a writable pipe to
feed syslogd.
It seems lsof opens its own new file descriptor under /tmp.
So, that one does not really count as an anomalous fd.
To be really pedantic about the fds to fstab and syslogd
apply the attached patch to close everything in the range
3...(getdtablesize()-1).
Notice, though, that the range may be very large. (Ref.
the resource limits.)
--jau
--------------000401050508080706040807
Content-Type: text/plain; charset=UTF-8;
name="portal_pipe_fds.patch"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="portal_pipe_fds.patch"
--- usr.sbin/mount_portalfs/pt_pipe.c.orig 2012-06-09 10:36:08.000000000 +0300
+++ usr.sbin/mount_portalfs/pt_pipe.c 2012-06-09 10:52:49.000000000 +0300
@@ -61,6 +61,11 @@
char **argv;
int argc;
struct portal_cred save_area;
+ static int maxfds = 0;
+
+ if (maxfds == 0) {
+ maxfds = getdtablesize ();
+ }
/* Validate open mode, and assign roles. */
if ((pcr->pcr_flag & FWRITE) && (pcr->pcr_flag & FREAD))
@@ -129,7 +134,22 @@
syslog(LOG_ERR, "errlog: %m");
exit(EXIT_FAILURE);
}
+
+ for (i = 3; i < maxfds; i++) {
+ close (i);
+ }
+
if (execv(argv[0], argv) < 0) {
+ /*
+ * Start logging _again_ (and change name)
+ * because we just closed the descriptor
+ * as a side effect of the previous loop
+ * while trying to avoid passing extra fds
+ * to the child process.
+ */
+
+ openlog("portald", LOG_CONS|LOG_PID, LOG_DAEMON);
+
syslog(LOG_ERR, "execv(%s): %m", argv[0]);
exit(EXIT_FAILURE);
}
--------------000401050508080706040807--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201206090850.q598o6iw006147>