Bug 27749 - programs run in %post have open filedescriptors
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: openssh
Version: 7.0
Hardware: i386 Linux
Priority: medium Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: David Lawrence
Keywords: Security
Reported: 2001-02-15 01:50 EST by Damien Miller
Modified: 2007-04-18 12:31 EDT
Doc Type: Bug Fix
Last Closed: 2001-02-17 10:55:14 EST
Description Damien Miller 2001-02-15 01:50:59 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.17-4 i686)


Programs run in the %post section of a spec during an upgrade have multiple
open filedescriptors, including ones to the rpm database and the original
rpm file. I haven't tested whether the fds are writeable, but this may be a
serious security problem if they are e.g. network daemons which don't close
all open fds before forking and passing control to a user may inherit these
fds.

Reproducible: Always
Steps to Reproduce:
1. Upgrade the openssh-server package (which does a /etc/rc.d/init.d/sshd restart in %post)
2. ls -l /proc/`cat /var/run/sshd.pid`/fd

Actual Results:
[root@xenon /root]# ls -l /proc/`cat /var/run/sshd.pid`/fd
total 0
lrwx------    1 root     root           64 Feb 15 16:57 0 -> /dev/null
lrwx------    1 root     root           64 Feb 15 16:57 1 -> /dev/null
lr-x------    1 root     root           64 Feb 15 16:57 11 -> /home/djm/rpm/RPMS/i386/openssh-server-2.3.2p1-0.4.i386.rpm
lrwx------    1 root     root           64 Feb 15 16:57 12 -> /dev/pts/9 (deleted)
lrwx------    1 root     root           64 Feb 15 16:57 2 -> /dev/null
lrwx------    1 root     root           64 Feb 15 16:57 3 -> socket:[261706]


Expected Results:
[root@xenon /root]# ls -l /proc/`cat /var/run/sshd.pid`/fd
total 0
lrwx------    1 root     root           64 Feb 15 16:58 0 -> /dev/null
lrwx------    1 root     root           64 Feb 15 16:58 1 -> /dev/null
lrwx------    1 root     root           64 Feb 15 16:58 2 -> /dev/null
lrwx------    1 root     root           64 Feb 15 16:58 3 -> socket:[449209]


[root@xenon /root]# rpm -q rpm
rpm-4.0-4
Comment 1 Damien Miller 2001-02-15 01:55:24 EST
I stand corrected - rpm-4 _doesn't_ leave a fd open to the rpm database, but
rpm-3.0.5-9.6x does:

[root@mothra /root]# ls -l /proc/15356/fd
total 0
lrwx------    1 root     root           64 Feb 15 17:02 0 -> /dev/null
lrwx------    1 root     root           64 Feb 15 17:02 1 -> /dev/null
lrwx------    1 root     root           64 Feb 15 17:02 12 -> /dev/pts/0 (deleted)
lrwx------    1 root     root           64 Feb 15 17:02 2 -> /dev/null
lr-x------    1 root     root           64 Feb 15 17:02 3 -> /home/djm/rpm/RPMS/i386/openssh-server-2.3.2p1-0.4.i386.rpm
lrwx------    1 root     root           64 Feb 15 17:02 4 -> /var/lib/rpm/packages.rpm
lrwx------    1 root     root           64 Feb 15 17:02 5 -> socket:[128297]
Comment 2 Jeff Johnson 2001-02-15 16:14:01 EST
This problem needs to be fixed in the openssh-server package, as there are other
ways that the daemon can inherit file descriptors if invoked from the command
line, it's not only from upgrading using rpm.

Changing component.
Comment 3 Damien Miller 2001-02-15 18:25:36 EST
I disagree. 

While it doesn't really have any adverse effects on OpenSSH (it closes fds after
forking), it is not hygienic and may affect other programs.

It can also have unpleasant effects such as not being able to unmount
filesystems because fds to rpm files are left open.
Comment 4 Pekka Savola 2001-02-17 10:55:09 EST
This has been reported (with sshd) in the past, see: #18988

Smells like something that should be fixed in rpm in a generic fashion (rather than all init.d/* programs..).
Comment 5 Nalin Dahyabhai 2001-03-23 11:52:40 EST
Fixed in initscripts-5.69 and later.
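
The descriptor hygiene discussed in this thread (a daemon closing whatever fds it inherited from the process that started it), sketched as an added example that is not code from rpm, initscripts or OpenSSH. The function names are hypothetical, and the two /dev/null descriptors are constructed stand-ins for the leaked package file and rpm database.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Highest descriptor number to scan. The cap keeps the loop bounded when
 * the open-file limit is unknown or very large (assumption of this sketch:
 * nothing above 65535 was inherited). */
static int max_fd(void)
{
    long n = sysconf(_SC_OPEN_MAX);
    return (n < 0 || n > 65536) ? 65536 : (int)n;
}

/* Count descriptors >= lowfd that are currently open in this process. */
int count_open_from(int lowfd)
{
    int count = 0, limit = max_fd();
    for (int fd = lowfd; fd < limit; fd++)
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            count++;
    return count;
}

/* Close every descriptor >= lowfd; returns how many were actually open. */
int close_inherited_from(int lowfd)
{
    int closed = 0, limit = max_fd();
    for (int fd = lowfd; fd < limit; fd++)
        if (close(fd) == 0)
            closed++;
    return closed;
}

int main(void)
{
    /* Constructed stand-ins for the leaked .rpm file and rpm database. */
    int pkg = open("/dev/null", O_RDONLY);
    int db = open("/dev/null", O_RDWR);
    if (pkg < 0 || db < 0)
        return 1;
    int low = pkg < db ? pkg : db;
    printf("open before: %d\n", count_open_from(low));
    printf("closed:      %d\n", close_inherited_from(low));
    printf("open after:  %d\n", count_open_from(low));
    return 0;
}
```

A daemon would call close_inherited_from(3) early in startup, before opening its own sockets, so that only stdin, stdout and stderr survive from the parent.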
