Bug#832940: closing fd 0,1,2 can break daemons

Fri, 29 Jul 2016 13:03:44 -0700 

Package: openrc
Version: 0.21-1
Severity: important

Hi

openrc's behaviour of closing fd 0,1,2 can potentially break daemons. An 
example of this was found with dbus 1.10.6-1ubuntu3 on ubuntuBSD (however the 
openrc version this report is based on, is imported pristine from Debian).

Below are excerpts from ktrace/kdump output of dbus-daemon (when being called 
by openrc).

First a socket is created and assigned fd 0 because it's the first free fd:

  1057 dbus-daemon CALL  socket(PF_LOCAL,SOCK_CLOEXEC|SOCK_STREAM,0)
  1057 dbus-daemon RET   socket 0
  1057 dbus-daemon CALL  stat(0x635520,0x7fffffffe480)
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   stat -1 errno 2 No such file or directory
  1057 dbus-daemon CALL  bind(0,0x7fffffffe520,0x21)
  1057 dbus-daemon STRU  struct sockaddr { AF_LOCAL, 
/var/run/dbus/system_bus_socket }
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   bind 0
  1057 dbus-daemon CALL  listen(0,0x1e)
  1057 dbus-daemon RET   listen 0
  1057 dbus-daemon CALL  fcntl(0,F_GETFL,0)
  1057 dbus-daemon RET   fcntl 2
  1057 dbus-daemon CALL  fcntl(0,F_SETFL,0x6<O_RDWR|O_NONBLOCK>)
  1057 dbus-daemon RET   fcntl 0
  1057 dbus-daemon CALL  
chmod(0x635520,0x1ff<S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IWGRP|S_IXGRP|S_IROTH|S_IWOTH|S_IXOTH>)
  1057 dbus-daemon NAMI  "/var/run/dbus/system_bus_socket"
  1057 dbus-daemon RET   chmod 0

then another routine in dbus closes fds 0,1,2, replacing them with /dev/null 
descriptors. Obviously it intends to disable stdio however unknowingly it is 
actually closing the socket:

  1058 dbus-daemon CALL  open(0x427733,0x2<O_RDWR>,<unused>0)
  1058 dbus-daemon NAMI  "/dev/null"
  1058 dbus-daemon RET   open 3
  1058 dbus-daemon CALL  dup2(0x3,0)
  1058 dbus-daemon RET   dup2 0
  1058 dbus-daemon CALL  dup2(0x3,0x1)
  1058 dbus-daemon RET   dup2 1
  1058 dbus-daemon CALL  issetugid
  1058 dbus-daemon RET   issetugid 0
  1058 dbus-daemon CALL  dup2(0x3,0x2)
  1058 dbus-daemon RET   dup2 2
  1058 dbus-daemon CALL  close(0x3)
  1058 dbus-daemon RET   close 0

then operations on the socket fail, leaving the system with a broken dbus:

  1058 dbus-daemon CALL  accept4(0,0x7fffffffe5b0,0x7fffffffe5ac,0x10000000)
  1058 dbus-daemon RET   accept4 -1 errno 38 Socket operation on non-socket
  1058 dbus-daemon CALL  fcntl(0xffffffff,F_GETFD,0)
  1058 dbus-daemon RET   fcntl -1 errno 9 Bad file descriptor

If you want to disable stdio I think it would be much better to replace them 
with /dev/null descriptors. Too many apps assume fds 0,1,2 are reserved for 
stdio. Leaving them free for any other use is dangerous IMHO.

-- 
Jon Boden

ubuntuBSD -- The power of FreeBSD kernel with familiarity of Ubuntu OS!

http://www.ubuntubsd.org/ -- https://twitter.com/ubuntuBSD

Reply via email to