too many close calls for non-opened fds

Daniel Kahn Gillmor dkg-openssh.com at fifthhorseman.net
Thu Aug 17 07:57:15 EST 2006


On August 16, carson at taltos.org said:

 > Does any UNIX variant have a "close all my open fds except for
 > these" syscall? Or an easy way to get back a list of in-use fds? I
 > really wish such a beast would be added, as calling close() on all
 > possible fd numbers is _such_ a hack...

While i understand the security advantage of this practice, it can
sometimes be ill-advised on systems that use external libraries which
have plugins, because you don't know what those plugins are going to
need.  (alternatively, you could argue that a library with a plugin
architecture is itself less secure...)

For example, some NSS (name service switch) extensions will use file
descriptors themselves (e.g. sockets to external LDAP resources), and
don't take kindly to them being killed mid-run.

I ran into this problem with gdm a while back:

   http://bugzilla.gnome.org/show_bug.cgi?id=315846#c19

gdm had a similar "close_all_file_descriptors_except()" function, and
it was clobbering the LDAP connections that NSS was expecting to have
held open.

i'm sure the openssh crew has considered this angle, but i thought i'd
raise it here anyway.  Portable ssh does use the NSS on linux, at
least.  Can one of the primary authors comment on measures used to
avoid this trap?

	--dkg

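An added example, not code from this thread, from OpenSSH or from gdm, showing the two sides of the question above: enumerating the in-use descriptors instead of calling close() on every possible fd number, and the trap dkg describes, where a sweep that keeps only {0,1,2} silently destroys a descriptor that a library plugin (here a stand-in pipe, not a real NSS module) expects to keep. It assumes a Linux-style /proc/self/fd listing and falls back to probing every number up to the fd limit where that directory does not exist. (Since this 2006 exchange, the "close everything above N" syscall the poster wished for does exist on several systems: closefrom(2) on Solaris and the BSDs, and close_range(2) on Linux 5.9 and later.)

```c
/* Added example: enumerate open fds, close all but a keep-list, and show
 * what happens to a plugin's private descriptor. Not from the thread. */
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static int in_list(int fd, const int *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == fd) return 1;
    return 0;
}

/* Fill out[] with the descriptors currently open in this process and return
 * how many there are (capped at cap). On Linux this reads /proc/self/fd,
 * which answers the "list of in-use fds" question directly; elsewhere it
 * falls back to probing every number below the fd limit with fcntl(). */
size_t list_open_fds(int *out, size_t cap) {
    size_t n = 0;
    DIR *d = opendir("/proc/self/fd");
    if (d != NULL) {
        int dfd = dirfd(d);                  /* opendir's own fd: not ours to report */
        struct dirent *e;
        while ((e = readdir(d)) != NULL && n < cap) {
            char *end;
            long fd = strtol(e->d_name, &end, 10);
            if (e->d_name[0] == '.' || *end != '\0' || fd == dfd) continue;
            out[n++] = (int)fd;
        }
        closedir(d);
        return n;
    }
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0) max = 1024;                 /* assumed default if the limit is unknown */
    for (long fd = 0; fd < max && n < cap; fd++)
        if (fcntl((int)fd, F_GETFD) != -1) out[n++] = (int)fd;
    return n;
}

/* Close every open descriptor not in keep[]; returns the number closed.
 * The list is collected first so closing never races the enumeration. */
int close_all_fds_except(const int *keep, size_t nkeep) {
    int fds[4096];
    size_t n = list_open_fds(fds, sizeof fds / sizeof fds[0]);
    int closed = 0;
    for (size_t i = 0; i < n; i++)
        if (!in_list(fds[i], keep, nkeep) && close(fds[i]) == 0) closed++;
    return closed;
}

/* Reproduce the trap in a forked child so the caller's own fds are untouched.
 * A stand-in for an NSS plugin (a pipe, constructed here) opens descriptors
 * the caller knows nothing about; the sweep then runs with the usual {0,1,2}
 * keep-list, or with the plugin's fds added when keep_plugin_fds is set.
 * Returns 1 if the plugin lost its descriptors, 0 if they survived, -1 on
 * a pipe/fork/wait failure. */
int plugin_fds_clobbered(int keep_plugin_fds) {
    int plugin[2];
    if (pipe(plugin) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int keep[] = {0, 1, 2, plugin[0], plugin[1]};
        close_all_fds_except(keep, keep_plugin_fds ? 5 : 3);
        int alive = fcntl(plugin[0], F_GETFD) != -1 &&
                    fcntl(plugin[1], F_GETFD) != -1;
        _exit(alive ? 0 : 1);
    }
    close(plugin[0]);
    close(plugin[1]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("sweep keeping only {0,1,2}: plugin fds clobbered = %d\n",
           plugin_fds_clobbered(0));
    printf("sweep keeping plugin fds too: plugin fds clobbered = %d\n",
           plugin_fds_clobbered(1));
    return 0;
}
```

The first run prints 1 (the plugin's pipe is gone, which is exactly what gdm did to NSS's LDAP sockets), the second prints 0. The defensive lesson is in the ordering: the sweep only stays safe if it happens before any library that may open private descriptors is initialised, or if such libraries expose the descriptors they need so they can be whitelisted.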


More information about the openssh-unix-dev mailing list