Bug 185596 - file descriptor leak
file descriptor leak
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: xterm (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jason Vas Dias
:
Depends On: 139597
Blocks: 187538
  Show dependency treegraph
 
Reported: 2006-03-15 19:16 EST by Jason Vas Dias
Modified: 2007-11-30 17:07 EST (History)
4 users (show)

See Also:
Fixed In Version: RHBA-2006-0350
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-10 18:12:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jason Vas Dias 2006-03-15 19:16:07 EST
+++ This bug was initially created as a clone of Bug #139597 +++

From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
When xterm starts the shell there are four open instances of the tty,
there should only be three. This means the leaked fd may be inherited
by any descendant from the xterm.

Version-Release number of selected component (if applicable):
xterm-179-6.EL

How reproducible:
Always

Steps to Reproduce:
1. Start an xterm
2. Type: ls -l /prof/self/fd


Actual Results:  
[kasperd@marvin kasperd]$ ls -l /proc/self/fd
total 5
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 0 -> /dev/pts/3
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 1 -> /dev/pts/3
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 2 -> /dev/pts/3
lr-x------  1 kasperd kasperd 64 Nov 16 22:20 3 -> /proc/3812/fd
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 9 -> /dev/pts/3
[kasperd@marvin kasperd]$ 


Expected Results:  
[kasperd@marvin kasperd]$ ls -l /proc/self/fd
total 5
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 0 -> /dev/pts/3
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 1 -> /dev/pts/3
lrwx------  1 kasperd kasperd 64 Nov 16 22:20 2 -> /dev/pts/3
lr-x------  1 kasperd kasperd 64 Nov 16 22:20 3 -> /proc/3812/fd
[kasperd@marvin kasperd]$ 


Additional info:

Some shells may close leaked filedescriptors hiding the symptoms of
the xterm bug. However the symptoms are visible as long as bash is
being used as shell.

-- Additional comment from dickey@radix.net on 2004-11-29 19:31 EST --
Perhaps it depends on the kernel/pty implementation.  On
Debian/testing with 2.4.27, I see this:

~ (1) ls -l /proc//self/fd
total 4
lrwx------  1 tom tom 64 Nov 29 19:33 0 -> /dev/pts/4
lrwx------  1 tom tom 64 Nov 29 19:33 1 -> /dev/pts/4
lrwx------  1 tom tom 64 Nov 29 19:33 2 -> /dev/pts/4
lr-x------  1 tom tom 64 Nov 29 19:33 3 -> /proc/8226/fd
~ (2) 


-- Additional comment from dickey@radix.net on 2004-11-29 19:32 EST --
Sorry - that was tcsh.  With bash I see this (will check more).

tom@crayon:/usr/build/xterm/xterm-196j$ ls -l /proc/self/fd
total 5
lrwx------  1 tom tom 64 Nov 29 19:35 0 -> /dev/pts/5
lrwx------  1 tom tom 64 Nov 29 19:35 1 -> /dev/pts/5
lrwx------  1 tom tom 64 Nov 29 19:35 2 -> /dev/pts/5
lr-x------  1 tom tom 64 Nov 29 19:35 3 -> /proc/8235/fd
lrwx------  1 tom tom 64 Nov 29 19:35 9 -> /dev/pts/5
tom@crayon:/usr/build/xterm/xterm-196j$ 




-- Additional comment from dickey@radix.net on 2004-11-29 20:25 EST --
File-descriptor 9 appears to be the one opened in main.c by
this chunk:
                if ((pty_name = ptsname(screen->respond)) == 0) {
                    SysError(ERROR_PTSNAME);
                }
                if ((ptyfd = open(pty_name, O_RDWR)) < 0) {
                    SysError(ERROR_OPPTSNAME);
                }
and ptyfd is used for a while before copying it to the tty variable.
That is next updated by opening /dev/tty in a thicket of ifdef's.
So it's simple to see, hard to fix (will study this and try to not
break it ;-).

-- Additional comment from mharris@redhat.com on 2004-12-22 08:47 EST --
Does this occur in FC3 and/or other OS releases as well?


-- Additional comment from mharris@redhat.com on 2004-12-22 08:49 EST --
CC'ing RH Security team as there may be possible security implications
to leaking FDs.  Any comments appreciated.

-- Additional comment from dickey@radix.net on 2004-12-22 08:53 EST --
Probably (I verified this on Debian/testing).
The related code hasn't changed for a while.

-- Additional comment from alan@redhat.com on 2004-12-22 09:13 EST --
Don't see any immediately - the user owns the pty and tty sides of
their connection so they could just open the file again anyway. You
can probably do annoying things with it - but only to yourself


-- Additional comment from dickey@radix.net on 2005-01-16 10:02 EST --
fixed:
http://invisible-island.net/xterm/xterm.log.html#xterm_198

-- Additional comment from mharris@redhat.com on 2005-02-01 05:34 EST --
Targetting for FC4 for review.  We probably will update to this
new xterm version for FC4, but we should also try to isolate
the patch that fixes this for consideration for FC3 and FC2 also.


-- Additional comment from mharris@redhat.com on 2005-02-01 05:37 EST --
Thomas:  You wouldn't happen to have a patch, or CVS diff of
just the fix for this would you?  If so, I can apply the fix
alone for FC2 and FC3 and update them for those releases
possibly.

We'll put the new xterm into FC4 development soon too.

Thanks.


Setting to "NEEDINFO", to find out if there's a minimal patch
available.

-- Additional comment from dickey@radix.net on 2005-02-01 06:10 EST --
yes - I made a note to do this when I get home this afternoon

-- Additional comment from mharris@redhat.com on 2005-02-01 06:15 EST --
Thanks Thomas!

-- Additional comment from dickey@radix.net on 2005-02-01 20:19 EST --
Created an attachment (id=110537)
fix for file-descriptor leak.

hmm - longer than I'd like, but that's because I changed a variable
name (too many "tty" substrings to read).

-- Additional comment from mharris@redhat.com on 2005-02-07 20:43 EST --
Thanks for the patch Thomas, we'll review it for the next xterm
update for FC.


-- Additional comment from mharris@redhat.com on 2005-02-07 20:47 EST --
Status:

For FC4:
xterm needs to be updated to latest version.  Once that's done,
we can remove the FC4 tracker bugs, and leave the issue open for
other releases.

For FC2/FC3/RHEL3/RHEL4:
The patch in comment #13 needs to be reviewed by someone to determine
if it is worthy of updating xterm for.  We'll probably want to
simplify the patch if we include it.



-- Additional comment from sandmann@redhat.com on 2005-03-22 11:03 EST --
For FC4, xterm is already updated to the latest version. 

For FC3/FC2/RHEL, I don't think it's worth it unless there are security
implications. So this bug can be closed NEXTRELEASE imo.


-- Additional comment from mharris@redhat.com on 2005-04-10 22:14 EST --
Changing bug target to FC3Updates, as we've got the newest xterm with these
fixes in FC4 already.  Removing from FC4Target.


-- Additional comment from mharris@redhat.com on 2005-04-15 09:30 EST --
FC2 is end-of-life now, but when we fix this one:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148921

... we'll pull in the fix for this and a bunch of others for free.

-- Additional comment from wtogami@redhat.com on 2005-05-22 23:29 EST --
Do you actually intend on issuing an FC3 update?  If not then set WONTFIX or
something.

-- Additional comment from mitr@redhat.com on 2006-03-05 06:52 EST --
xterm-209-2 in rawhide contains the upstream fix.

Does this still need to be open, considering FC3 has reached its EOL?

-- Additional comment from bugzilla@2006.kasperd.net on 2006-03-05 11:13 EST --
I couldn't reproduce the problem with xterm-208-2.FC4

-- Additional comment from jvdias@redhat.com on 2006-03-15 19:14 EST --
This is bug is fixed in all current versions of Fedora; it does not appear to
affect RHEL-3, but does affect RHEL-4. Closing this bug, and cloning as a RHEL-4
bug.
Comment 1 Jason Vas Dias 2006-03-17 15:34:35 EST
Now fixed with xterm-192-4.EL4 .
Comment 7 Red Hat Bugzilla 2006-05-10 18:12:08 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2006-0350.html

Note You need to log in before you can comment on or make changes to this bug.