public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "thiago at kde dot org" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sourceware.org
Subject: [Bug libc/15722] New: Verify that all internal sockets opened with SOCK_CLOEXEC
Date: Tue, 09 Jul 2013 03:08:00 -0000 [thread overview]
Message-ID: <bug-15722-131@http.sourceware.org/bugzilla/> (raw)
http://sourceware.org/bugzilla/show_bug.cgi?id=15722
Bug ID: 15722
Summary: Verify that all internal sockets opened with
SOCK_CLOEXEC
Product: glibc
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: libc
Assignee: unassigned at sourceware dot org
Reporter: thiago at kde dot org
CC: drepper.fsp at gmail dot com
As the Summary says.
glibc has many internal sockets that it opens for internal operations and
doesn't use SOCK_CLOEXEC on. Some of those sockets are used only for a short
time (for ioctl or netlink), but some may be for a long time. Anyway, however
short the time it stays open, there's still a chance that it may leak by
another thread doing a simultaneous fork().
I've found socket openings without SOCK_CLOEXEC in:
* __opensock (socket/opensock.c), though the override in
sysdeps/unix/sysv/linux/opensock.c uses SOCK_CLOEXEC
* getifaddrs (sysdeps/gnu/ifaddrs.c and sysdeps/unix/sysv/linux/ifaddrs.c)
* getaddrinfo (sysdeps/posix/getaddrinfo.c)
* __check_native (sysdeps/unix/sysv/linux/check_native.c)
* __check_pf (sysdeps/unix/sysv/linux/check_pf.c)
* multiple in resolv/res_send.c
There could be more.
Maybe it would be useful to have an internal function that opens always a
socket with O_CLOEXEC semantics.
--
You are receiving this mail because:
You are on the CC list for the bug.
next reply other threads:[~2013-07-09 3:08 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-09 3:08 thiago at kde dot org [this message]
2013-10-14 13:48 ` [Bug libc/15722] " neleai at seznam dot cz
2013-10-14 14:51 ` thiago at kde dot org
2013-10-20 8:29 ` neleai at seznam dot cz
2014-06-13 13:25 ` fweimer at redhat dot com
2014-06-16 11:13 ` fweimer at redhat dot com
2015-01-02 18:32 ` thiago at kde dot org
2015-08-27 22:16 ` [Bug network/15722] " jsm28 at gcc dot gnu.org
2020-09-09 20:31 ` fweimer at redhat dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-15722-131@http.sourceware.org/bugzilla/ \
--to=sourceware-bugzilla@sourceware.org \
--cc=glibc-bugs@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).