From max at duempel.org  Mon Dec 18 14:20:23 2006
From: max at duempel.org (Max Kellermann)
Date: Mon, 18 Dec 2006 14:20:23 +0100
Subject: the rndlinux module opens a file handle and never closes it
Message-ID: <20061218132023.GA25928@roonstrasse.net>

Package: libgcrypt11
Version: 1.2.3-2
Tags: patch

The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
two file handles (fd_random and fd_urandom) which are never closed.
Since it does not apply the FD_CLOEXEC flag, all subprocesses will
inherit these two handles without ever using them.

Please apply this patch which sets the FD_CLOEXEC flag.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: rndlinux_cloexec.patch
Type: text/x-diff
Size: 457 bytes
Desc: not available
Url : /pipermail/attachments/20061218/8c4ad2e2/attachment.bin

From christianbiere at gmx.de  Mon Dec 18 16:29:57 2006
From: christianbiere at gmx.de (Christian Biere)
Date: Mon, 18 Dec 2006 16:29:57 +0100
Subject: the rndlinux module opens a file handle and never closes it
In-Reply-To: <20061218132023.GA25928@roonstrasse.net>
References: <20061218132023.GA25928@roonstrasse.net>
Message-ID: <20061218152957.GA4478@cyclonus>

Max Kellermann wrote:
> The function _gcry_rndlinux_gather_random() in cipher/rndlinux.c opens
> two file handles (fd_random and fd_urandom) which are never closed.
> Since it does not apply the FD_CLOEXEC flag, all subprocesses will
> inherit these two handles without ever using them.
>
> Please apply this patch which sets the FD_CLOEXEC flag.

The correct way to set this flag is this:

    {
        int flags = fcntl(fd, F_GETFD);
        flags |= FD_CLOEXEC;
        fcntl(fd, F_SETFD, flags);
    }

Paranoids would even check for errors.

-- 
Christian