Bug 136686 - libmysql needs to set FD_CLOEXEC on sockets
Summary: libmysql needs to set FD_CLOEXEC on sockets
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: mysql
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Tom Lane
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-10-21 17:37 UTC by Elliot Lee
Modified: 2013-07-03 03:02 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2004-12-10 16:46:26 UTC
Type: ---
Embargoed:


Attachments
One way to fix the problem (664 bytes, patch)
2004-10-21 17:38 UTC, Elliot Lee

Description Elliot Lee 2004-10-21 17:37:27 UTC
Otherwise unrelated programs executed by a mysql client could start
spewing data to the mysql server. Patch follows.

This has possible security implications that might dictate a RHEL3
erratum as well.

Comment 1 Elliot Lee 2004-10-21 17:38:18 UTC
Created attachment 105599
One way to fix the problem

Generated against mysql-3.23.58

Comment 2 Tom Lane 2004-10-21 17:56:54 UTC
I'm unconvinced that this is a bug.  If we close-on-exec then it
becomes impossible to pass the connection down to a child process.  I
can't argue strongly that that's useful, but I'm unsure that it's
useless either.

If it is a bug, then the same issue exists in Postgres (and probably a
bunch of other libraries as well...)

Comment 3 Elliot Lee 2004-10-21 18:11:01 UTC
libmysql doesn't support turning an already-open fd into a MYSQL*
connection, so it's almost certain that it's useless to pass the mysql
fd's to a new program being executed since that program will have no
way of making use of the fd's. Furthermore, we don't know of any
examples of applications that depend on this feature, and it seems
very unlikely.

Yes, this bug is easy to create because the default setting on fd's is
!FD_CLOEXEC - I noticed it in mysql because it was keeping a bunch of
extra mysqld threads around connected to a non-mysql-using
application, thus preventing legitimate clients from connecting.

Comment 4 Tom Lane 2004-12-10 16:46:26 UTC
I've pushed this to MySQL AB's bugzilla; we'll see what they think.

Comment 5 Tom Lane 2004-12-10 16:47:05 UTC
Forgot to supply a link: http://bugs.mysql.com/bug.php?id=7174