Your message dated Wed, 06 Aug 2014 22:50:25 +0200
with message-id <[email protected]>
and subject line Fixed in 2.0.5-1
has caused the Debian Bug report #668253,
regarding inspircd: does not close stdin or stderr on startup, consumes 100% cpu
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
668253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668253
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: inspircd
Version: 1.1.22+dfsg-4
Severity: important
Tags: security
I noticed that my inspircd would run at 100% CPU usage after being
restarted. Well actually this only started after I logged out. A quick
strace shows that inspircd calls poll in a loop and the result is always
fd=0. lsof then shows that fd=0 is connected to the terminal I used to
restart inspircd. When I logged out, it was closed and poll would always
return that fd. The problem is worse though. This can be used to
escalate privileges (from irc to root) when combined with an arbitrary
code execution flaw (such as the one fixed in DSA-2448-1).
Interestingly this problem does not exist according to the
documentation (include/inspircd.h):
| /** Daemonize the ircd and close standard input/output streams
| * @return True if the program daemonized succesfully
| */
| bool DaemonSeed();
However looking at the definition (src/inspircd.cpp) clearly shows that
the closing of the streams does not happen.
Helmut
--- End Message ---
--- Begin Message ---
Fixed in 2.0.5-1 (and 2.0.5-1~bpo60+1 in oldstable/stable); closing this
bug.
--
Guillaume Delacour <[email protected]>
signature.asc
Description: This is a digitally signed message part
--- End Message ---
