From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.17-4 i686)

Programs run in the %post section of a spec during an upgrade have multiple open file descriptors, including ones to the rpm database and the original rpm file. I haven't tested whether the fds are writeable, but this may be a serious security problem if they are, e.g. network daemons which don't close all open fds before forking and passing control to a user may inherit these fds.

Reproducible: Always

Steps to Reproduce:
1. Upgrade the openssh-server package (which does a /etc/rc.d/init.d/sshd restart in %post)
2. ls -l /proc/`cat /var/run/sshd.pid`/fd

Actual Results:
[root@xenon /root]# ls -l /proc/`cat /var/run/sshd.pid`/fd
total 0
lrwx------ 1 root root 64 Feb 15 16:57 0 -> /dev/null
lrwx------ 1 root root 64 Feb 15 16:57 1 -> /dev/null
lr-x------ 1 root root 64 Feb 15 16:57 11 -> /home/djm/rpm/RPMS/i386/openssh-server-2.3.2p1-0.4.i386.rpm
lrwx------ 1 root root 64 Feb 15 16:57 12 -> /dev/pts/9 (deleted)
lrwx------ 1 root root 64 Feb 15 16:57 2 -> /dev/null
lrwx------ 1 root root 64 Feb 15 16:57 3 -> socket:[261706]

Expected Results:
[root@xenon /root]# ls -l /proc/`cat /var/run/sshd.pid`/fd
total 0
lrwx------ 1 root root 64 Feb 15 16:58 0 -> /dev/null
lrwx------ 1 root root 64 Feb 15 16:58 1 -> /dev/null
lrwx------ 1 root root 64 Feb 15 16:58 2 -> /dev/null
lrwx------ 1 root root 64 Feb 15 16:58 3 -> socket:[449209]

[root@xenon /root]# rpm -q rpm
rpm-4.0-4
I stand corrected - rpm-4 _doesn't_ leave a fd open to the rpm database, but rpm-3.0.5-9.6x does:

[root@mothra /root]# ls -l /proc/15356/fd
total 0
lrwx------ 1 root root 64 Feb 15 17:02 0 -> /dev/null
lrwx------ 1 root root 64 Feb 15 17:02 1 -> /dev/null
lrwx------ 1 root root 64 Feb 15 17:02 12 -> /dev/pts/0 (deleted)
lrwx------ 1 root root 64 Feb 15 17:02 2 -> /dev/null
lr-x------ 1 root root 64 Feb 15 17:02 3 -> /home/djm/rpm/RPMS/i386/openssh-server-2.3.2p1-0.4.i386.rpm
lrwx------ 1 root root 64 Feb 15 17:02 4 -> /var/lib/rpm/packages.rpm
lrwx------ 1 root root 64 Feb 15 17:02 5 -> socket:[128297]
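An added example, not code from the bug report, from rpm or from initscripts: a small POSIX shell script that reproduces the condition shown in the two listings above with a constructed temporary file standing in for the .rpm on fd 11, audits a process's /proc/PID/fd for descriptors a daemon should not have inherited, and launches a child with every descriptor >= 3 closed on its exec (the generic launch-time hygiene the rest of the thread argues about). The function names (leaked_fds, count_leaked, launch, run_without_inherited_fds, wait_for_comm, run_demo) are my own; the script assumes a Linux /proc, readlink, mktemp, and a sleep that accepts fractional seconds.

```shell
#!/bin/sh
# Added example, not code from the bug report, rpm or initscripts.
# Assumes Linux /proc, readlink, mktemp and a sleep that accepts 0.1.

# leaked_fds PID: print descriptors >= 3 of PID that point at something a
# daemon should not be holding from its caller, such as an .rpm being
# installed or /var/lib/rpm/packages.rpm. Sockets, pipes, anonymous
# inodes and /dev/* are what a daemon normally has and are skipped.
leaked_fds() {
    for link in /proc/"$1"/fd/*; do
        [ -e "$link" ] || continue          # glob miss, or fd closed meanwhile
        fd=${link##*/}
        [ "$fd" -ge 3 ] || continue
        target=$(readlink "$link") || continue
        case $target in
            socket:*|pipe:*|anon_inode:*|/dev/*) ;;
            *) printf '%s -> %s\n' "$fd" "$target" ;;
        esac
    done
}

# count_leaked PID: number of descriptors leaked_fds reports.
count_leaked() {
    leaked_fds "$1" | wc -l | tr -d ' '
}

# launch CMD [ARGS...]: plain background start, the way an init script
# usually does it; every descriptor of the caller is inherited. Prints PID.
launch() {
    "$@" </dev/null >/dev/null 2>&1 &
    echo $!
}

# run_without_inherited_fds CMD [ARGS...]: same, but every descriptor >= 3
# the caller holds is closed on the exec of CMD. The closes are redirections
# on the exec inside a subshell, so the caller's own descriptors (including
# the shell's script input) are untouched. Prints PID.
run_without_inherited_fds() {
    redirs=""
    for link in /proc/self/fd/*; do
        [ -e "$link" ] || continue
        fd=${link##*/}
        [ "$fd" -ge 3 ] || continue
        redirs="$redirs $fd>&-"
    done
    ( eval "exec $redirs \"\$@\"" ) </dev/null >/dev/null 2>&1 &
    echo $!
}

# wait_for_comm PID NAME: poll until PID has exec'd NAME (so its
# redirections are done), giving up after about five seconds.
wait_for_comm() {
    i=0
    while [ "$(cat /proc/"$1"/comm 2>/dev/null)" != "$2" ] && [ "$i" -lt 50 ]; do
        sleep 0.1
        i=$((i + 1))
    done
}

# run_demo: hold a constructed temporary file on fd 11 (standing in for the
# .rpm the report shows there), start sleep both ways, and report how many
# foreign descriptors each child ended up with. Prints "leaky=N clean=M".
run_demo() {
    demo_file=$(mktemp /tmp/fdleak-demo.XXXXXX) || return 1
    exec 11<"$demo_file"                 # the caller now holds an extra fd, as rpm did
    leaky=$(launch sleep 30)
    clean=$(run_without_inherited_fds sleep 30)
    wait_for_comm "$leaky" sleep
    wait_for_comm "$clean" sleep
    leaky_n=$(count_leaked "$leaky")
    clean_n=$(count_leaked "$clean")
    leaked_fds "$leaky" | sed 's/^/leaky child holds fd /' >&2
    kill "$leaky" "$clean" 2>/dev/null || true
    exec 11<&-
    rm -f "$demo_file"
    printf 'leaky=%s clean=%s\n' "$leaky_n" "$clean_n"
}

run_demo
```

Running the script prints one line per foreign descriptor the plainly launched child holds (fd 11 pointing at the temporary file, exactly the pattern in the listings above) and then a summary such as "leaky=1 clean=0"; the child started through run_without_inherited_fds holds nothing beyond its /dev/null standard streams. leaked_fds on its own is the check to run against a daemon's PID after a package upgrade.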
This problem needs to be fixed in the openssh-server package, as there are other ways that the daemon can inherit file descriptors if invoked from the command line; it's not only from upgrading using rpm. Changing component.
I disagree. While it doesn't really have any adverse effects on OpenSSH (it closes fds after forking), it is not hygienic and may affect other programs. It can also have unpleasant effects such as not being able to unmount filesystems because fds to rpm files are left open.
This has been reported (with sshd) in the past, see: #18988. Smells like something that should be fixed in rpm in a generic fashion (rather than in all init.d/* programs..).
Fixed in initscripts-5.69 and later.