496973 – Crond leaks its inotify file descriptor

Bug 496973 - Crond leaks its inotify file descriptor

Summary: Crond leaks its inotify file descriptor

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	cronie
Sub Component:
Version:	rawhide
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Marcela Mašláňová
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-04-21 21:20 UTC by Eric Paris
Modified:	2009-04-23 09:30 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2009-04-23 09:30:44 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Eric Paris 2009-04-21 21:20:01 UTC

src/cron.c::main() has this call to set up the inotify file descriptor

        database.ifd = fd = inotify_init();
        if (fd < 0)
                log_it("CRON", pid, "INFO", "Inotify init failed", errno);
        set_cron_watched(fd);

But this means that fd is going to be leaked to it's children on exec.  SELinux spotted denials that are almost certainly because of this leaked file descriptor across execve.

I suggest using

databse.ifd = fd = inotify_init1(IN_CLOEXEC)

instead of just inotify_init()

Comment 1 Marcela Mašláňová 2009-04-23 09:30:44 UTC

Thanks for report.

It's better to use fcntl here, because inotify_init1 is used since kernel-2.6.27 and cronie should be used also with older kernels.

Note You need to log in before you can comment on or make changes to this bug.