Red Hat Bugzilla – Bug 136686
libmysql needs to set FD_CLOEXEC on sockets
Last modified: 2013-07-02 23:02:27 EDT
Otherwise unrelated programs executed by a mysql client could start
spewing data to the mysql server. Patch follows.
This has possible security implications that might dictate a RHEL3
erratum as well.
Created attachment 105599 [details]
One way to fix the problem
Generated against mysql-3.23.58
I'm unconvinced that this is a bug. If we close-on-exec then it
becomes impossible to pass the connection down to a child process. I
can't argue strongly that that's useful, but I'm unsure that it's
If it is a bug, then the same issue exists in Postgres (and probably a
bunch of other libraries as well...)
libmysql doesn't support turning an already-open fd into a MYSQL*
connection, so it's almost certain that it's useless to pass the mysql
fd's to a new program being executed since that program will have no
way of making use of the fd's. Furthermore, we don't know of any
examples of applications that depend on this feature, and it seems
Yes, this bug is easy to create because the default setting on fd's is
!FD_CLOEXEC - I noticed it in mysql because it was keeping a bunch of
extra mysqld threads around connected to a non-mysql-using
application, thus preventing legitimate clients from connecting.
I've pushed this to MySQL AB's bugzilla; we'll see what they think.
Forgot to supply a link: http://bugs.mysql.com/bug.php?id=7174