On Sat, 2014-11-01 at 13:22 +0100, Christian Hofstaedtler wrote: > * Ben Hutchings <b...@decadent.org.uk> [141101 06:26]: > > On Sat, 2014-11-01 at 04:44 +0100, Christian Hofstaedtler wrote: > > > I've tried to debug this a bit more tonight, and after a good 4 > > > hours there are two things I can report: > > > > > > 1. with the default ruleset, udev leaks an ethtool socket to > > > net.agent (and by extension to ifup, dhclient, ...) > > > > This is a bug but probably harmless. SIOCETHTOOL doesn't depend on any > > socket state so it is normally used with an unconnected socket of an > > arbitrary address family. > > While it may be harmless from a security POV, the leaked FD causes > the udev worker to hold on to the forked-away net.agent process.
How is that? Ben. > net.agent tries hard to close udev's logging sockets (see the last > few lines of net.agent), but it doesn't know about any leaked > sockets and therefore doesn't try to close them. > > > > - fd = socket(PF_INET, SOCK_DGRAM, 0); > > + fd = socket(PF_INET, SOCK_DGRAM|SOCK_CLOEXEC, 0); > > Ah indeed. 4 AM is not the best time for such things ;-) > -- Ben Hutchings Kids! Bringing about Armageddon can be dangerous. Do not attempt it in your own home. - Terry Pratchett and Neil Gaiman, `Good Omens'
signature.asc
Description: This is a digitally signed message part