Bug 136686 - libmysql needs to set FD_CLOEXEC on sockets
libmysql needs to set FD_CLOEXEC on sockets
Product: Fedora
Classification: Fedora
Component: mysql (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tom Lane
David Lawrence
Depends On:
  Show dependency treegraph
Reported: 2004-10-21 13:37 EDT by Elliot Lee
Modified: 2013-07-02 23:02 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-10 11:46:26 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
One way to fix the problem (664 bytes, patch)
2004-10-21 13:38 EDT, Elliot Lee
no flags Details | Diff

  None (edit)
Description Elliot Lee 2004-10-21 13:37:27 EDT
Otherwise unrelated programs executed by a mysql client could start
spewing data to the mysql server. Patch follows.

This has possible security implications that might dictate a RHEL3
erratum as well.
Comment 1 Elliot Lee 2004-10-21 13:38:18 EDT
Created attachment 105599 [details]
One way to fix the problem

Generated against mysql-3.23.58
Comment 2 Tom Lane 2004-10-21 13:56:54 EDT
I'm unconvinced that this is a bug.  If we close-on-exec then it
becomes impossible to pass the connection down to a child process.  I
can't argue strongly that that's useful, but I'm unsure that it's
useless either.

If it is a bug, then the same issue exists in Postgres (and probably a
bunch of other libraries as well...)
Comment 3 Elliot Lee 2004-10-21 14:11:01 EDT
libmysql doesn't support turning an already-open fd into a MYSQL*
connection, so it's almost certain that it's useless to pass the mysql
fd's to a new program being executed since that program will have no
way of making use of the fd's. Furthermore, we don't know of any
examples of applications that depend on this feature, and it seems
very unlikely.

Yes, this bug is easy to create because the default setting on fd's is
!FD_CLOEXEC - I noticed it in mysql because it was keeping a bunch of
extra mysqld threads around connected to a non-mysql-using
application, thus preventing legitimate clients from connecting.
Comment 4 Tom Lane 2004-12-10 11:46:26 EST
I've pushed this to MySQL AB's bugzilla; we'll see what they think.
Comment 5 Tom Lane 2004-12-10 11:47:05 EST
Forgot to supply a link: http://bugs.mysql.com/bug.php?id=7174

Note You need to log in before you can comment on or make changes to this bug.