public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC
@ 2013-07-09 3:08 thiago at kde dot org
2013-10-14 13:48 ` [Bug libc/15722] " neleai at seznam dot cz
` (7 more replies)
0 siblings, 8 replies; 9+ messages in thread
From: thiago at kde dot org @ 2013-07-09 3:08 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15722
Bug ID: 15722
Summary: Verify that all internal sockets opened with
SOCK_CLOEXEC
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: thiago at kde dot org
CC: drepper.fsp at gmail dot com
As the Summary says.
glibc has many internal sockets that it opens for internal operations and
doesn't use SOCK_CLOEXEC on. Some of those sockets are used only for a short
time (for ioctl or netlink), but some may be for a long time. Anyway, however
short the time it stays open, there's still a chance that it may leak by
another thread doing a simultaneous fork().
I've found socket openings without SOCK_CLOEXEC in:
* __opensock (socket/opensock.c), though the override in
sysdeps/unix/sysv/linux/opensock.c uses SOCK_CLOEXEC
* getifaddrs (sysdeps/gnu/ifaddrs.c and sysdeps/unix/sysv/linux/ifaddrs.c)
* getaddrinfo (sysdeps/posix/getaddrinfo.c)
* __check_native (sysdeps/unix/sysv/linux/check_native.c)
* __check_pf (sysdeps/unix/sysv/linux/check_pf.c)
* multiple in resolv/res_send.c
There could be more.
Maybe it would be useful to have an internal function that opens always a
socket with O_CLOEXEC semantics.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
@ 2013-10-14 13:48 ` neleai at seznam dot cz
2013-10-14 14:51 ` thiago at kde dot org
` (6 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: neleai at seznam dot cz @ 2013-10-14 13:48 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |neleai at seznam dot cz
--- Comment #1 from Ondrej Bilka <neleai at seznam dot cz> ---
Could you prepare a patch that fixes these?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
2013-10-14 13:48 ` [Bug libc/15722] " neleai at seznam dot cz
@ 2013-10-14 14:51 ` thiago at kde dot org
2013-10-20 8:29 ` neleai at seznam dot cz
` (5 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: thiago at kde dot org @ 2013-10-14 14:51 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
--- Comment #2 from Thiago Macieira <thiago at kde dot org> ---
I'm sorry, I'm not qualified to do that under glibc coding style. I don't even
understand how the buildsystem works, so I can't tell which files are relevant
or not.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
2013-10-14 13:48 ` [Bug libc/15722] " neleai at seznam dot cz
2013-10-14 14:51 ` thiago at kde dot org
@ 2013-10-20 8:29 ` neleai at seznam dot cz
2014-06-13 13:25 ` fweimer at redhat dot com
` (4 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: neleai at seznam dot cz @ 2013-10-20 8:29 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Ondrej Bilka <neleai at seznam dot cz> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|normal |enhancement
--- Comment #3 from Ondrej Bilka <neleai at seznam dot cz> ---
A most work here is clasifying which files are internal and which not. A sample
list could be generated by:
git grep ' open (' | grep '\.c' | grep -v '\(tst\|bug\)'
git grep ' fopen (' | grep '\.c' | grep -v '\(tst\|bug\)'
But somebody needs to go througth this and filter entries with clockexec or
these passed to user code.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
` (2 preceding siblings ...)
2013-10-20 8:29 ` neleai at seznam dot cz
@ 2014-06-13 13:25 ` fweimer at redhat dot com
2014-06-16 11:13 ` fweimer at redhat dot com
` (3 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 13:25 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security-
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
` (3 preceding siblings ...)
2014-06-13 13:25 ` fweimer at redhat dot com
@ 2014-06-16 11:13 ` fweimer at redhat dot com
2015-01-02 18:32 ` thiago at kde dot org
` (2 subsequent siblings)
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2014-06-16 11:13 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|security- |
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug libc/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
` (4 preceding siblings ...)
2014-06-16 11:13 ` fweimer at redhat dot com
@ 2015-01-02 18:32 ` thiago at kde dot org
2015-08-27 22:16 ` [Bug network/15722] " jsm28 at gcc dot gnu.org
2020-09-09 20:31 ` fweimer at redhat dot com
7 siblings, 0 replies; 9+ messages in thread
From: thiago at kde dot org @ 2015-01-02 18:32 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
--- Comment #4 from Thiago Macieira <thiago at kde dot org> ---
I respectfully submit that glibc opening files without FD_CLOEXEC is a bug, as
it makes quite a few of the functions thread-unsafe. This issue should be
changed from "enhancement" to "normal".
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug network/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
` (5 preceding siblings ...)
2015-01-02 18:32 ` thiago at kde dot org
@ 2015-08-27 22:16 ` jsm28 at gcc dot gnu.org
2020-09-09 20:31 ` fweimer at redhat dot com
7 siblings, 0 replies; 9+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-27 22:16 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|libc |network
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
* [Bug network/15722] Verify that all internal sockets opened with SOCK_CLOEXEC
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
` (6 preceding siblings ...)
2015-08-27 22:16 ` [Bug network/15722] " jsm28 at gcc dot gnu.org
@ 2020-09-09 20:31 ` fweimer at redhat dot com
7 siblings, 0 replies; 9+ messages in thread
From: fweimer at redhat dot com @ 2020-09-09 20:31 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15722
Bug 15722 depends on bug 19695, which changed state.
Bug 19695 Summary: libresolv needs to set O_CLOEXEC on its sockets
https://sourceware.org/bugzilla/show_bug.cgi?id=19695
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2020-09-09 20:31 UTC | newest]
Thread overview: 9+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-07-09 3:08 [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC thiago at kde dot org
2013-10-14 13:48 ` [Bug libc/15722] " neleai at seznam dot cz
2013-10-14 14:51 ` thiago at kde dot org
2013-10-20 8:29 ` neleai at seznam dot cz
2014-06-13 13:25 ` fweimer at redhat dot com
2014-06-16 11:13 ` fweimer at redhat dot com
2015-01-02 18:32 ` thiago at kde dot org
2015-08-27 22:16 ` [Bug network/15722] " jsm28 at gcc dot gnu.org
2020-09-09 20:31 ` fweimer at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).